Windows Analysis Report
NetFxRepairTools.msi

Overview

General Information

Sample name: NetFxRepairTools.msi
Analysis ID: 1579096
MD5: ae0e58e79a1585948311e1e5206e2867
SHA1: 076628ef0522824d83988b1ef0f87a89b3150e5e
SHA256: 15af8c34e25268b79022d3434aa4b823ad9d34f3efc6a8124ecf0276700ecc39

Detection

Quasar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Yara detected Quasar RAT
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Allocates memory in foreign processes
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to start a terminal service
Creates files in the system32 config directory
Hijacks the control flow in another process
May use the Tor software to hide its network traffic
Modifies the hosts file
Opens network shares
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sigma detected: Suspect Svchost Activity
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dllhost Internet Connection
Sigma detected: Uncommon Svchost Parent Process
Stores files to the Windows start menu directory
Tries to disable installed Antivirus / HIPS / PFW
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64_ra
  • msiexec.exe (PID: 7052 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\NetFxRepairTools.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7096 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6336 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 74DBC12C47BBA93F00B18D929CC9320B C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7804 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 51EA4663DED3D36C59DE5090ACBE1A6A MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • svchost.exe (PID: 6508 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • chrome.exe (PID: 6724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2004,i,5525789345313659739,3958555170584979043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • svchost.exe (PID: 6760 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 72 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6184 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6260 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 4732 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 3512 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 7908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • x64dbg.exe (PID: 7892 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe" MD5: 7E7A1CA41C9BD33CE50483D575148235)
    • cmd.exe (PID: 7924 cmdline: C:\Windows\system32\cmd.exe /c mkdir C:\Users\Public\Documents\78E3D2D7\ MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8000 cmdline: C:\Windows\system32\cmd.exe /c mkdir C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\ MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • DevQueryBroker.exe (PID: 8092 cmdline: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe MD5: 0BD5E02B3F1A21A37836B531163A03F5)
  • DevQueryBroker.exe (PID: 3028 cmdline: "C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe" MD5: 0BD5E02B3F1A21A37836B531163A03F5)
  • DevQueryBroker.exe (PID: 2924 cmdline: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe -svc MD5: 0BD5E02B3F1A21A37836B531163A03F5)
    • spoolsv.exe (PID: 2284 cmdline: C:\Windows\System32\spoolsv.exe MD5: 0D4B1E3E4488E9BDC035F23E1F4FE22F)
      • dllhost.exe (PID: 4696 cmdline: C:\Windows\System32\dllhost.exe MD5: 08EB78E5BE019DF044C26B14703BD1FA)
      • svchost.exe (PID: 7660 cmdline: C:\Windows\System32\svchost.exe MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • firefox.exe (PID: 7492 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7488 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7684 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c29272-6054-4f1c-9b1f-da39f589753f} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f5b26d910 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4040 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3804 -parentBuildID 20230927232528 -prefsHandle 2952 -prefMapHandle 3800 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96d1e68a-4ba2-43e6-96ba-4f30bec53afc} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f5b241410 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5844 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5144 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5100 -prefMapHandle 5132 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb2d306b-13c2-47c1-93ff-384e016ef4a7} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f78090f10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Name: Quasar RAT, QuasarRAT
Description: Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
Attribution:
  • APT33
  • Dropping Elephant
  • Stone Panda
  • The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat

No configs have been found

Source: 0000001B.00000002.2739528928.000001B6BFEB8000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Quasar; Description: Yara detected Quasar RAT; Author: Joe Security
Source: 0000001E.00000002.2677313204.000000C00000F000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Quasar; Description: Yara detected Quasar RAT; Author: Joe Security
Source: 0000001E.00000002.2442293644.00000001404EE000.00000040.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Quasar; Description: Yara detected Quasar RAT; Author: Joe Security
Source: 0000001B.00000002.2739528928.000001B6BFF28000.00000004.00001000.00020000.00000000.sdmp; Rule: Invoke_Mimikatz; Description: Detects Invoke-Mimikatz String; Author: Florian Roth; Strings:
  • 0x5ed8:$x2: TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm
Source: 0000001B.00000002.2739528928.000001B6BFECB000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Quasar; Description: Yara detected Quasar RAT; Author: Joe Security

Source: 20.2.DevQueryBroker.exe.1d6789f0000.4.raw.unpack; Rule: JoeSecurity_UACBypassusingCMSTP; Description: Yara detected UAC Bypass using CMSTP; Author: Joe Security
Source: 20.2.DevQueryBroker.exe.1d6789f0000.4.raw.unpack; Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM; Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003); Author: ditekSHen; Strings:
  • 0x37760:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x3ba3e:$s1: CoGetObject
  • 0x37718:$s2: Elevation:Administrator!new:
Source: 20.2.DevQueryBroker.exe.140000000.0.unpack; Rule: JoeSecurity_UACBypassusingCMSTP; Description: Yara detected UAC Bypass using CMSTP; Author: Joe Security
Source: 20.2.DevQueryBroker.exe.140000000.0.unpack; Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM; Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003); Author: ditekSHen; Strings:
  • 0x37760:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x3ba3e:$s1: CoGetObject
  • 0x37718:$s2: Elevation:Administrator!new:
Source: 20.2.DevQueryBroker.exe.1d6789f0000.4.unpack; Rule: JoeSecurity_UACBypassusingCMSTP; Description: Yara detected UAC Bypass using CMSTP; Author: Joe Security

System Summary

Source: Process started; Author: David Burkett, @signalblur; Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\System32\spoolsv.exe, ParentImage: C:\Windows\System32\spoolsv.exe, ParentProcessId: 2284, ParentProcessName: spoolsv.exe, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 7660, ProcessName: svchost.exe
Source: File created; Author: Florian Roth (Nextron Systems); Data: EventID: 11, Image: C:\Windows\System32\cmd.exe, ProcessId: 7924, TargetFilename: C:\Users\Public\Documents\78E3D2D7\
Source: Network Connection; Author: bartblaze; Data: DestinationIp: 154.12.191.39, DestinationIsIpv6: false, DestinationPort: 1080, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 4696, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49718
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\System32\spoolsv.exe, ParentImage: C:\Windows\System32\spoolsv.exe, ParentProcessId: 2284, ParentProcessName: spoolsv.exe, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 7660, ProcessName: svchost.exe
Source: Process started; Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community; Data: Command: C:\Windows\system32\cmd.exe /c mkdir C:\Users\Public\Documents\78E3D2D7\, CommandLine: C:\Windows\system32\cmd.exe /c mkdir C:\Users\Public\Documents\78E3D2D7\, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe" , ParentImage: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe, ParentProcessId: 7892, ParentProcessName: x64dbg.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c mkdir C:\Users\Public\Documents\78E3D2D7\, ProcessId: 7924, ProcessName: cmd.exe
Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6508, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: Yara match; File source: 27.2.dllhost.exe.1b6bf8a0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 27.2.dllhost.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 27.2.dllhost.exe.1b6bf8a0000.1.unpack, type: UNPACKEDPE
Source: Yara match; File source: Process Memory Space: dllhost.exe PID: 4696, type: MEMORYSTR
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.7% probability

Exploits

Source: Yara match; File source: 20.2.DevQueryBroker.exe.1d6789f0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 20.2.DevQueryBroker.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 20.2.DevQueryBroker.exe.1d6789f0000.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 20.2.DevQueryBroker.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000014.00000002.1500325866.000001D6789F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: DevQueryBroker.exe PID: 8092, type: MEMORYSTR

Compliance

Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe; Unpacked PE file: 20.2.DevQueryBroker.exe.140000000.0.unpack
                Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8InputHost.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: wsock32.pdbUGP source: firefox.exe, 0000001D.00000003.1918710551.0000017F6AE50000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: 8ucrtbase.pdb source: firefox.exe, 0000001D.00000003.1854605336.0000017F7522D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: shcore.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8audioses.pdb source: firefox.exe, 0000001D.00000003.1868267546.0000017F77AB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1853358692.0000017F77AB0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8Bcp47mrm.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8netutils.pdb source: firefox.exe, 0000001D.00000003.1868267546.0000017F77AB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1853358692.0000017F77AB0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: sspicli.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: shell32.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8rasadhlp.pdb source: firefox.exe, 0000001D.00000003.1867413295.0000017F77D55000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8Bcp47Langs.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: msvcp120.amd64.pdb source: x64dbg.exe, 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
                Source: Binary string: 8wtsapi32.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8taskschd.pdb source: firefox.exe, 0000001D.00000003.1867413295.0000017F77D55000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000001D.00000003.1946387351.0000017F6AEAA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: dnsapi.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: userenv.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: nlaapi.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8fwpuclnt.pdb source: firefox.exe, 0000001D.00000003.1867413295.0000017F77D55000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: winhttp.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: msimg32.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: ntasn1.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: devobj.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: d3d11.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: MonitoringHost.pdb33H source: x64dbg.exe, 0000000F.00000002.1538789669.00000254806C0000.00000004.00001000.00020000.00000000.sdmp, DevQueryBroker.exe, 00000014.00000000.1487698551.00007FF6414A1000.00000020.00000001.01000000.0000000A.sdmp
                Source: Binary string: dbghelp.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 0000001D.00000003.1868267546.0000017F77AB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1853358692.0000017F77AB0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: gdi32.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: profapi.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: avrt.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: WLDP.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8setupapi.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: propsys.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: k32.pdbUGP source: firefox.exe, 0000001D.00000003.1947431144.0000017F6AE52000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 0000001D.00000003.2271444817.0000017F7A1D2000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: winrnr.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: msctf.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: version.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: dbgcore.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: mscms.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: twinapi.pdb source: firefox.exe, 0000001D.00000003.1896559623.0000017F78A5D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 0000001D.00000003.2271444817.0000017F7A1D2000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: psapi.pdb source: firefox.exe, 0000001D.00000003.1908572125.0000017F78950000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: dxgi.pdb source: firefox.exe, 0000001D.00000003.1844381011.0000017F785C5000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8linkinfo.pdb source: firefox.exe, 0000001D.00000003.1867413295.0000017F77D55000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmp
                Source: C:\Windows\System32\msiexec.exe File opened: z:
                Source: C:\Windows\System32\msiexec.exe File opened: x:
                Source: C:\Windows\System32\msiexec.exe File opened: v:
                Source: C:\Windows\System32\msiexec.exe File opened: t:
                Source: C:\Windows\System32\msiexec.exe File opened: r:
                Source: C:\Windows\System32\msiexec.exe File opened: p:
                Source: C:\Windows\System32\msiexec.exe File opened: n:
                Source: C:\Windows\System32\msiexec.exe File opened: l:
                Source: C:\Windows\System32\msiexec.exe File opened: j:
                Source: C:\Windows\System32\msiexec.exe File opened: h:
                Source: C:\Windows\System32\msiexec.exe File opened: f:
                Source: C:\Windows\System32\svchost.exe File opened: d:
                Source: C:\Windows\System32\msiexec.exe File opened: b:
                Source: C:\Windows\System32\msiexec.exe File opened: y:
                Source: C:\Windows\System32\msiexec.exe File opened: w:
                Source: C:\Windows\System32\msiexec.exe File opened: u:
                Source: C:\Windows\System32\msiexec.exe File opened: s:
                Source: C:\Windows\System32\msiexec.exe File opened: q:
                Source: C:\Windows\System32\msiexec.exe File opened: o:
                Source: C:\Windows\System32\msiexec.exe File opened: m:
                Source: C:\Windows\System32\msiexec.exe File opened: k:
                Source: C:\Windows\System32\msiexec.exe File opened: i:
                Source: C:\Windows\System32\msiexec.exe File opened: g:
                Source: C:\Windows\System32\msiexec.exe File opened: e:
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File opened: c:
                Source: C:\Windows\System32\msiexec.exe File opened: a:
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe Code function: 15_2_00007FFF2996BB84 wcslen,wcslen,FindFirstFileExW,FindClose,wcscpy_s,??3@YAXPEAX@Z,15_2_00007FFF2996BB84
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_000000014001FC04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,20_2_000000014001FC04
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29DB6974 _errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,__time64_t_from_ft,__time64_t_from_ft,__time64_t_from_ft,20_2_00007FFF29DB6974
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29DB4924 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,20_2_00007FFF29DB4924
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29DB88D0 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_wfullpath,_errno,_errno,_errno,_wfullpath,IsRootUNCName,GetDriveTypeW,free,__loctotime32_t,free,_wsopen_s,_fstat32i64,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FindClose,__wdtoxmode,GetLastError,_dosmaperr,FindClose,GetLastError,_dosmaperr,FindClose,20_2_00007FFF29DB88D0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29DB6BE0 _errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,__time64_t_from_ft,__time64_t_from_ft,__time64_t_from_ft,20_2_00007FFF29DB6BE0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29DB7A74 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_wfullpath,_errno,_errno,_errno,_wfullpath,IsRootUNCName,GetDriveTypeW,free,__loctotime32_t,free,_errno,__doserrno,_wsopen_s,_fstat32,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FindClose,__wdtoxmode,_errno,GetLastError,_dosmaperr,FindClose,20_2_00007FFF29DB7A74
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29DB7EF8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_wfullpath,_errno,_errno,_errno,_wfullpath,IsRootUNCName,GetDriveTypeW,free,__loctotime64_t,free,_wsopen_s,_fstat64,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime64_t,FindClose,__wdtoxmode,GetLastError,_dosmaperr,FindClose,GetLastError,_dosmaperr,FindClose,20_2_00007FFF29DB7EF8
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29DB433C _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,20_2_00007FFF29DB433C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 25_2_0000021AD7827C08 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,25_2_0000021AD7827C08
                Source: C:\Windows\System32\spoolsv.exe Code function: 26_2_000000014000A348 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,26_2_000000014000A348
                Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\
                Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\
                Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\
                Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\
                Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\
                Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r12 20_2_00007FFF298C092D
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298E2869
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then sub rsp, 38h 20_2_00007FFF298DAB50
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298E2B49
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r14 20_2_00007FFF298A6B6C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r12 20_2_00007FFF2988EA7E
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then sub rsp, 38h 20_2_00007FFF298ACDD0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298ACD00
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298E2C39
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push rbx 20_2_00007FFF298A4C30
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r15 20_2_00007FFF29886FBD
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r15 20_2_00007FFF298861AD
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298EC130
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then cmp byte ptr [00007FFF298EDF90h], 00000000h 20_2_00007FFF298EC130
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298EC090
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push rbx 20_2_00007FFF298C431A
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298E2779
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r15 20_2_00007FFF298D26A4
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push rbx 20_2_00007FFF298A46C0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then lea rdx, qword ptr [00007FFF29863690h] 20_2_00007FFF298639A0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then mov rax, qword ptr [rcx+10h] 20_2_00007FFF29863C10
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298DFB99
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r15 20_2_00007FFF298A7B8C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298DFAA9
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r14 20_2_00007FFF29863CF0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then mov rax, qword ptr [rcx+10h] 20_2_00007FFF29863CF0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298DFF49
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298EBEE0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r13 20_2_00007FFF298DFE59
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r12 20_2_00007FFF29875072
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push rdi 20_2_00007FFF298D33F0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r14 20_2_00007FFF298673E0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then lea rdx, qword ptr [00007FFF29867680h] 20_2_00007FFF298673E0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then sub rsp, 38h 20_2_00007FFF298D7410
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r12 20_2_00007FFF298A733D
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r15 20_2_00007FFF2988537D
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then lea rdx, qword ptr [00007FFF29863690h] 20_2_00007FFF29863360
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then mov rax, qword ptr [rcx+10h] 20_2_00007FFF298635D0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then mov rax, qword ptr [rcx] 20_2_00007FFF29865480
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then push r14 20_2_00007FFF298636B0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then mov rax, qword ptr [rcx+10h] 20_2_00007FFF298636B0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 4x nop then mov r9, qword ptr [r8+08h] 20_2_00007FFF298A3670
                Source: firefox.exe Memory has grown: Private usage: 1MB later: 183MB
                Source: unknown Network traffic detected: DNS query count 33
                Source: global traffic TCP traffic: 192.168.2.16:49718 -> 154.12.191.39:1080
                Source: Joe Sandbox View IP Address: 151.101.65.91
                Source: Joe Sandbox View IP Address: 34.117.188.166
                Source: Joe Sandbox View IP Address: 34.149.100.209
                Source: Joe Sandbox View IP Address: 239.255.255.250
                Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
                Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
                Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
                Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
                Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ifconfig.meUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
                Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 905sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: firefox.exe, 0000001D.00000003.2271444817.0000017F7A1D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                Source: svchost.exe, 00000006.00000002.1370593659.000001565D013000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.comc
                Source: firefox.exe, 0000001D.00000003.2251488641.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2252364698.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2249535724.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: firefox.exe, 0000001D.00000003.2251488641.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2252364698.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comhavoitu
                Source: firefox.exe, 0000001D.00000003.2251488641.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2250505889.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comsed
                Source: firefox.exe, 0000001D.00000003.2369456046.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2368373608.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2367429898.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: firefox.exe, 0000001D.00000003.2369456046.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2368373608.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2367429898.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnm3
                Source: firefox.exe, 0000001D.00000003.2353199042.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
                Source: firefox.exe, 0000001D.00000003.2353199042.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/(
                Source: firefox.exe, 0000001D.00000003.2353199042.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/3
                Source: firefox.exe, 0000001D.00000003.2351913494.0000017F61F40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2354083689.0000017F61F40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: firefox.exe, 0000001D.00000003.2357014247.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.krom/
                Source: firefox.exe, 0000001D.00000003.1806761245.0000017F78B5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                Source: firefox.exe, 0000001D.00000003.2145679763.0000017F77DD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com0
                Source: firefox.exe, 0000001D.00000003.1867413295.0000017F77D55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
                Source: firefox.exe, 0000001D.00000003.2117366636.0000017F68F36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2001052188.0000017F6B25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1910414485.0000017F6D438000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1888428317.0000017F6D432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1639486797.0000017F6D5F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2173732969.0000017F6D438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
                Source: firefox.exe, 0000001D.00000003.2357014247.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: firefox.exe, 0000001D.00000003.2302668576.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2300916876.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.typography.net
                Source: firefox.exe, 0000001D.00000003.1978080852.0000017F6B2A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1899288503.0000017F6BFB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: firefox.exe, 0000001D.00000003.1978080852.0000017F6B2A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1899288503.0000017F6BFB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                Source: firefox.exe, 0000001D.00000003.1853358692.0000017F77AAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
                Source: firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
                Source: firefox.exe, 0000001D.00000003.1899288503.0000017F6BFE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
                Source: firefox.exe, 0000001D.00000003.2203014004.0000017F78544000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1846788701.0000017F78544000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
                Source: firefox.exe, 0000001D.00000003.2140282344.0000017F6E5B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2320718765.0000017F7855B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
                Source: firefox.exe, 0000001D.00000003.1858099660.0000017F75166000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
                Source: firefox.exe, 0000001D.00000003.2131104974.0000017F68608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
                Source: firefox.exe, 0000001D.00000003.2030071066.0000017F6B3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpi
                Source: firefox.exe, 0000001D.00000003.2030071066.0000017F6B3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
                Source: firefox.exe, 0000001D.00000003.2030071066.0000017F6B3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4134489/enhancer_for_youtube-2.0.119.1.xpi
                Source: firefox.exe, 0000001D.00000003.2030071066.0000017F6B3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
                Source: firefox.exe, 0000001D.00000003.2030071066.0000017F6B3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
                Source: firefox.exe, 0000001D.00000003.2030071066.0000017F6B3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970
                Source: firefox.exe, 0000001D.00000003.2041979271.0000017F6C3D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1893649417.0000017F6C3CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
                Source: firefox.exe, 0000001D.00000003.1640714130.0000017F6BEC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1640714130.0000017F6BEF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
                Source: firefox.exe, 0000001D.00000003.2116561845.0000017F69592000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1861138652.0000017F74DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
                Source: firefox.exe, 0000001D.00000003.2295631940.0000017F68F5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
                Source: firefox.exe, 0000001D.00000003.2293769246.0000017F695AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2116561845.0000017F695A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
                Source: firefox.exe, 0000001D.00000003.2293769246.0000017F695AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2116561845.0000017F695A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
                Source: firefox.exe, 0000001D.00000002.2551859399.0000017F5B20B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
                Source: firefox.exe, 0000001D.00000003.2140282344.0000017F6E58B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1848074887.0000017F7808F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2290001031.0000017F78943000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1964140182.0000017F78947000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1870124138.0000017F6ED7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1973325120.0000017F6B7D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1969654661.0000017F6E58B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
                Source: firefox.exe, 0000001D.00000003.1847344534.0000017F7851D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2109114445.0000017F6B747000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
                Source: firefox.exe, 0000001D.00000003.1777760415.0000017F781CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
                Source: firefox.exe, 0000001D.00000003.1772471771.0000017F77CAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
                Source: firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
                Source: firefox.exe, 0000001D.00000003.1967910570.0000017F77A91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2204402245.0000017F77ADB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2323307878.0000017F77ADB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1868267546.0000017F77ADB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1999261064.0000017F77ADB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
                Source: firefox.exe, 0000001D.00000003.1853358692.0000017F77A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
                Source: firefox.exe, 0000001D.00000003.1869311977.0000017F75246000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1854605336.0000017F7523F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2149831709.0000017F75246000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
                Source: firefox.exe, 0000001D.00000003.1869123968.0000017F75248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
                Source: firefox.exe, 0000001D.00000003.1908238046.0000017F6BE2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
                Source: firefox.exe, 0000001D.00000002.2551859399.0000017F5B230000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
                Source: firefox.exe, 0000001D.00000003.1656105651.0000017F6D03F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1654753573.0000017F6D037000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
                Source: firefox.exe, 0000001D.00000003.2117366636.0000017F68FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1775270130.0000017F6E6C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2295631940.0000017F68FDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1371135104.000001565D059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
                Source: svchost.exe, 00000006.00000003.1369510307.000001565D062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1371267633.000001565D081000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369882219.000001565D05A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1370038908.000001565D065000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369922525.000001565D054000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
                Source: svchost.exe, 00000006.00000003.1369493601.000001565D067000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
                Source: svchost.exe, 00000006.00000003.1369093978.000001565D085000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
                Source: svchost.exe, 00000006.00000003.1369510307.000001565D062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369882219.000001565D05A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
                Source: svchost.exe, 00000006.00000003.1369493601.000001565D067000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1370762210.000001565D02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
                Source: svchost.exe, 00000006.00000003.1369510307.000001565D062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1370038908.000001565D065000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1371113577.000001565D050000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
                Source: svchost.exe, 00000006.00000002.1371113577.000001565D050000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
                Source: svchost.exe, 00000006.00000003.1369510307.000001565D062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369922525.000001565D054000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
                Source: firefox.exe, 0000001D.00000003.1726680504.0000017F77F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
                Source: firefox.exe, 0000001D.00000003.1656105651.0000017F6D03F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
                Source: firefox.exe, 0000001D.00000003.1656105651.0000017F6D03F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
                Source: firefox.exe, 0000001D.00000003.1654753573.0000017F6D037000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
                Source: dllhost.exe, 0000001B.00000002.2442289903.0000000140623000.00000040.00001000.00020000.00000000.sdmp, dllhost.exe, 0000001B.00000002.2739528928.000001B6BFEDC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/protocol-buffers/docs/reference/go/faq#namespace-conflictx509:
                Source: firefox.exe, 0000001D.00000003.1848074887.0000017F780B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1756284248.0000017F780BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1865175492.0000017F780BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1640714130.0000017F6BEB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
                Source: svchost.exe, 00000006.00000003.1370009112.000001565D042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
                Source: svchost.exe, 00000006.00000002.1371113577.000001565D050000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
                Source: svchost.exe, 00000006.00000003.1369510307.000001565D062000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
                Source: svchost.exe, 00000006.00000003.1369611259.000001565D05E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369922525.000001565D054000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
                Source: svchost.exe, 00000006.00000002.1371065541.000001565D03F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1371113577.000001565D050000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
                Source: svchost.exe, 00000006.00000003.1369493601.000001565D067000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1370762210.000001565D02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
                Source: firefox.exe, 0000001D.00000003.1870124138.0000017F6ED40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2156839131.0000017F6ED44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1858899722.0000017F75128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
                Source: firefox.exe, 0000001D.00000003.1664473520.0000017F6E6E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
                Source: firefox.exe, 0000001D.00000003.1664473520.0000017F6E6E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
                Source: firefox.exe, 0000001D.00000003.1667635356.0000017F6E6F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
                Source: firefox.exe, 0000001D.00000003.1969654661.0000017F6E58B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
                Source: firefox.exe, 0000001D.00000003.1969654661.0000017F6E58B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1851597544.0000017F77E6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
                Source: firefox.exe, 0000001D.00000002.2598663186.0000017F66A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
                Source: firefox.exe, 0000001D.00000003.2116561845.0000017F695A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2187165651.0000017F6C33C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1898477798.0000017F6C33C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
                Source: firefox.exe, 0000001D.00000003.2131104974.0000017F68608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
                Source: svchost.exe, 00000004.00000003.1203077472.00000213CE9D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod-C:
                Source: svchost.exe, 00000004.00000003.1203077472.00000213CE9C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2-C:
                Source: firefox.exe, 0000001D.00000003.1870124138.0000017F6ED40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2156839131.0000017F6ED44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1858899722.0000017F75128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
                Source: firefox.exe, 0000001D.00000003.1858099660.0000017F75166000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1858899722.0000017F75128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
                Source: firefox.exe, 0000001D.00000003.2159473714.0000017F6EC50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1872470149.0000017F6EC50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1858899722.0000017F75128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
                Source: svchost.exe, 00000006.00000002.1370762210.000001565D02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
                Source: svchost.exe, 00000006.00000003.1369975865.000001565D033000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1370902385.000001565D036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.vpg
                Source: svchost.exe, 00000006.00000003.1369975865.000001565D033000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.x_
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
                Source: firefox.exe, 0000001D.00000003.1656105651.0000017F6D03F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
                Source: svchost.exe, 00000006.00000003.1369798985.000001565D058000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1371135104.000001565D059000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
                Source: firefox.exe, 0000001D.00000003.2131104974.0000017F68608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
                Source: firefox.exe, 0000001D.00000003.2116561845.0000017F695A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2293769246.0000017F695A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
                Source: firefox.exe, 0000001D.00000003.1858899722.0000017F75128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
                Source: firefox.exe, 0000001D.00000003.1654753573.0000017F6D037000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
                Source: firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1757082809.0000017F7809F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
                Source: firefox.exe, 0000001D.00000003.2271444817.0000017F7A1D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                Source: firefox.exe, 0000001D.00000003.1660367194.0000017F6E428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
                Source: firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
                Source: firefox.exe, 0000001D.00000003.2098941897.0000017F78024000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1757082809.0000017F7809F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1849951763.0000017F78020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                Source: firefox.exe, 0000001D.00000003.2293769246.0000017F695A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2324619499.0000017F74EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
                Source: firefox.exe, 0000001D.00000003.1735917772.0000017F78243000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
                Source: firefox.exe, 0000001D.00000003.1735917772.0000017F78243000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
                Source: firefox.exe, 0000001D.00000003.1851597544.0000017F77EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
                Source: firefox.exe, 0000001D.00000003.2132130930.0000017F681F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1966226514.0000017F77D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1966226514.0000017F77D2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1966226514.0000017F77D2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                Source: firefox.exe, 0000001D.00000003.1853358692.0000017F77ADB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2153242963.0000017F74F8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
                Source: firefox.exe, 0000001D.00000003.1863350895.0000017F78470000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1863350895.0000017F78483000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                Source: firefox.exe, 0000001D.00000003.1844381011.0000017F78598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
                Source: firefox.exe, 0000001D.00000003.1664473520.0000017F6E6E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
                Source: firefox.exe, 0000001D.00000003.1863350895.0000017F78470000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1863350895.0000017F78483000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                Source: firefox.exe, 0000001D.00000003.1844381011.0000017F78598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
                Source: firefox.exe, 0000001D.00000003.2140282344.0000017F6E5B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
                Source: firefox.exe, 0000001D.00000003.2117366636.0000017F68F36000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1851597544.0000017F77EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2132130930.0000017F681F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                Source: firefox.exe, 0000001D.00000003.1844381011.0000017F78598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
                Source: firefox.exe, 0000001D.00000003.2140282344.0000017F6E5B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
                Source: firefox.exe, 0000001D.00000003.1844381011.0000017F78598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: firefox.exe, 0000001D.00000003.2030071066.0000017F6B3ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
                Source: firefox.exe, 0000001D.00000002.2588461983.0000017F6695A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                Source: firefox.exe, 0000001D.00000003.2335764112.0000017F6D4FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2038263217.0000017F6D4FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1885583621.0000017F6D4D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
                Source: firefox.exe, 0000001D.00000003.1858099660.0000017F75166000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
                Source: firefox.exe, 0000001D.00000003.1858099660.0000017F75166000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
                Source: firefox.exe, 0000001D.00000003.1844381011.0000017F78598000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: firefox.exe, 0000001D.00000002.2488281230.00000035D3B3C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgo
                Source: firefox.exe, 0000001D.00000003.1899288503.0000017F6BFE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
                Source: firefox.exe, 0000001D.00000003.2116561845.0000017F695A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2293769246.0000017F695A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
                Source: firefox.exe, 0000001D.00000003.2165589783.0000017F6D998000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1879583837.0000017F6D997000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1878438496.0000017F6D9EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
                Source: firefox.exe, 0000001D.00000003.2153911341.0000017F74DD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1861226510.0000017F74DD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: firefox.exe, 0000001D.00000003.1853358692.0000017F77AB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49732 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49735 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49744 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49748 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49750 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49749 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49752 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49753 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49756 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49758 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49759 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.16:49760 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.65.91:443 -> 192.168.2.16:49763 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49765 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49766 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49764 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49767 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49768 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49773 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49776 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49774 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49777 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49775 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49778 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49779 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49780 version: TLS 1.2
                Source: dllhost.exe, 0000001B.00000002.2739528928.000001B6BFEB8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: BelowExactAbove#multipartfilesAccept-LanguageX-Forwarded-For()<>@,;:\"/[]?=invalid booleannon-minimal tagunknown Go typeavx512vpopcntdqResetResolution[ERR] socks: %vunhandled stateunexpected flagExcludeClipRectGetEnhMetaFileWGetTextMetricsWPlayEnhMetaFileGdiplusShutdownGetThreadLocaleOleUninitializewglGetCurrentDCDragAcceptFilesCallWindowProcWCreatePopupMenuCreateWindowExWDialogBoxParamWGetActiveWindowGetDpiForWindowGetRawInputDataInsertMenuItemWIsWindowEnabledPostQuitMessageSetActiveWindowSetWinEventHookTrackMouseEventWindowFromPointDrawThemeTextExRequiredNumbersExtensionRangesContainingOneofcontext canceled.WithValue(type 0123456789abcdefTerminateProcessinvalid exchangeno route to hostinvalid argumentmessage too longobject is remoteremote I/O errorSetFilePointerExOpenProcessTokenRegQueryInfoKeyWRegQueryValueExWDnsNameCompare_WCreateDirectoryWFlushFileBuffersGetComputerNameWGetFullPathNameWGetLongPathNameWRemoveDirectoryWNetApiBufferFreeheartbeat packetpsafesystray.exeWindows DefenderAvira(memstr_4a7cc283-0

                E-Banking Fraud

                Source: Yara match File source: 27.2.dllhost.exe.1b6bf8a0000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 27.2.dllhost.exe.140000000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 27.2.dllhost.exe.1b6bf8a0000.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000001B.00000002.2739528928.000001B6BFEB8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001E.00000002.2677313204.000000C00000F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001E.00000002.2442293644.00000001404EE000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001B.00000002.2739528928.000001B6BFECB000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001B.00000002.2442289903.0000000140623000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001B.00000002.2739528928.000001B6C02A2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001E.00000002.2442293644.0000000140234000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001B.00000002.2680115867.000000C000161000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001E.00000002.2677313204.000000C000236000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001B.00000002.2739528928.000001B6BFD8D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001B.00000002.2739528928.000001B6BF8A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: dllhost.exe PID: 4696, type: MEMORYSTR

                Spam, unwanted Advertisements and Ransom Demands

                Source: C:\Windows\System32\dllhost.exe File written: C:\Windows\System32\drivers\etc\hosts

                System Summary

                Source: 20.2.DevQueryBroker.exe.1d6789f0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: 20.2.DevQueryBroker.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: 20.2.DevQueryBroker.exe.1d6789f0000.4.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: 20.2.DevQueryBroker.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: 27.2.dllhost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Invoke-Mimikatz String Author: Florian Roth
                Source: 27.2.dllhost.exe.1b6bf8a0000.1.unpack, type: UNPACKEDPEMatched rule: Detects Invoke-Mimikatz String Author: Florian Roth
                Source: 0000001B.00000002.2739528928.000001B6BFF28000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Invoke-Mimikatz String Author: Florian Roth
                Source: 0000001B.00000002.2442289903.0000000140623000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Invoke-Mimikatz String Author: Florian Roth
                Source: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: 00000014.00000002.1500325866.000001D6789F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: Process Memory Space: dllhost.exe PID: 4696, type: MEMORYSTRMatched rule: Detects Invoke-Mimikatz String Author: Florian Roth
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe, Code function: 20_2_0000000140003380 GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetCurrentProcessId,OpenProcess,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,GetWindowsDirectoryW,GetModuleFileNameW,ReadProcessMemory,ReadProcessMemory,CloseHandle
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe, Code function: 20_2_0000000140005970 NtWriteVirtualMemory
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe, Code function: 20_2_0000000140005EF0 NtProtectVirtualMemory
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe, Code function: 20_2_00007FFF298329D0 memcpy,VirtualProtect,VirtualProtect,VirtualProtect,VirtualProtect,NtFlushInstructionCache,GetCurrentProcess,NtFlushInstructionCache,VirtualProtect,GetModuleHandleA,GetProcAddress,memcpy
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe, Code function: 25_2_0000021AD78212B0 OpenProcess,GetModuleHandleA,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,DuplicateHandle,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory
                Source: C:\Windows\System32\spoolsv.exe, Code function: 26_2_0000000140002C20 GetCurrentProcessId,VirtualAlloc,LookupAccountSidA,lstrcmpi,lstrcmpi,OpenProcess,LoadLibraryA,GetProcAddress,NtQueryInformationProcess,VirtualFree
                Source: C:\Windows\System32\spoolsv.exe, Code function: 26_2_0000000140002E30 VirtualAlloc,VirtualAlloc,VirtualAlloc,GetFileAttributesA,GetTokenInformation,VirtualAlloc,LookupPrivilegeValueA,DuplicateTokenEx,LoadLibraryA,GetProcAddress,GetLengthSid,SetTokenInformation,LoadLibraryA,GetProcAddress,CreateProcessAsUserA,CreateProcessA,CreateFileA,GetFileSize,VirtualAlloc,ReadFile,CloseHandle,VirtualAlloc,LoadLibraryA,GetProcAddress,VirtualFree,LoadLibraryA,GetProcAddress,NtAllocateVirtualMemory,LoadLibraryA,GetProcAddress,NtWriteVirtualMemory,LoadLibraryA,GetProcAddress,NtQueueApcThread,LoadLibraryA,GetProcAddress,NtResumeThread,CloseHandle,CloseHandle,VirtualFree,VirtualFree,VirtualFree,CloseHandle,LoadLibraryA,GetProcAddress
                Source: C:\Program Files\Mozilla Firefox\firefox.exe, Code function: 32_2_00000133C3FA8D77 NtQuerySystemInformation
                Source: C:\Program Files\Mozilla Firefox\firefox.exe, Code function: 32_2_00000133C3FA21F2 NtQuerySystemInformation
                Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\3f0e07.msi
                Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI121E.tmp
                Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI125D.tmp
                Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\SourceHash{36223E43-53E4-48EA-A1A6-71345F08EA65}
                Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI12FB.tmp
                Source: C:\Windows\System32\svchost.exe, File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                Source: C:\Windows\System32\dllhost.exe, File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Logs
                Source: C:\Windows\System32\dllhost.exe, File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Logs\windows-update-log-20241220.log
                Source: C:\Windows\System32\dllhost.exe, File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Logs\windows-update-log-20241220.log_lock
                Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\MSI121E.tmp
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD782662C25_2_0000021AD782662C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD7827C0825_2_0000021AD7827C08
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD782DB2825_2_0000021AD782DB28
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_000000014000240026_2_0000000140002400
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_000000014000289026_2_0000000140002890
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_0000000140002E3026_2_0000000140002E30
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_0000000140001E8026_2_0000000140001E80
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_00000001400012D026_2_00000001400012D0
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_000000014000899026_2_0000000140008990
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_000000014000FE3826_2_000000014000FE38
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_000000014000A34826_2_000000014000A348
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014023AC8030_2_000000014023AC80
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_0000000140263AE030_2_0000000140263AE0
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_00000001402544E030_2_00000001402544E0
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014023416030_2_0000000140234160
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014024293030_2_0000000140242930
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014025834030_2_0000000140258340
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014025038030_2_0000000140250380
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014005B1C030_2_000000014005B1C0
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_0000000140065A0130_2_0000000140065A01
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014005726030_2_0000000140057260
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014024646030_2_0000000140246460
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014025278030_2_0000000140252780
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 32_2_00000133C3FA8D7732_2_00000133C3FA8D77
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 32_2_00000133C3FA21F232_2_00000133C3FA21F2
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 32_2_00000133C3FA223232_2_00000133C3FA2232
                Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 32_2_00000133C3FA291C32_2_00000133C3FA291C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298EBFA0 appears 75 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298EAEB0 appears 40 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298EB050 appears 54 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298B14D0 appears 43 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298B1A70 appears 48 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298E60F0 appears 155 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298EB260 appears 130 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298D4A20 appears 127 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298ABBB0 appears 44 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF298EC090 appears 96 times
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: String function: 00007FFF2983D710 appears 146 times
                Source: updateplatform.arm64fre_a765ca6cdeeb25b4f88985d519b3f16b6b075b72.exe.1.drStatic PE information: Resource name: CABINET type: Microsoft Cabinet archive data, many, 14750082 bytes, 238 files, at 0x2c +A "Powershell\MSFT_MpComputerStatus.cdxml" +A "Powershell\MSFT_MpPreference.cdxml", number 1, 1676 datablocks, 0x1503 compression
                Source: x64bridge.dll.1.drStatic PE information: Number of sections : 12 > 10
                Source: HealthServiceRuntime.dll.15.drStatic PE information: Number of sections : 12 > 10
                Source: log70D9.tmp.15.drStatic PE information: Number of sections : 12 > 10
                Source: DevQueryBrokerService.dll.26.drStatic PE information: Number of sections : 12 > 10
                Source: 20.2.DevQueryBroker.exe.1d6789f0000.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 20.2.DevQueryBroker.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 20.2.DevQueryBroker.exe.1d6789f0000.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 20.2.DevQueryBroker.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 27.2.dllhost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 27.2.dllhost.exe.1b6bf8a0000.1.unpack, type: UNPACKEDPEMatched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0000001B.00000002.2739528928.000001B6BFF28000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0000001B.00000002.2442289903.0000000140623000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 00000014.00000002.1500325866.000001D6789F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: Process Memory Space: dllhost.exe PID: 4696, type: MEMORYSTRMatched rule: Invoke_Mimikatz date = 2016-08-03, hash1 = f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67, author = Florian Roth, description = Detects Invoke-Mimikatz String, reference = https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: classification engineClassification label: mal100.troj.adwa.spyw.expl.evad.winMSI@61/109@70/18
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF2983CF10 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,20_2_00007FFF2983CF10
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeCode function: 15_2_00007FFF2996C060 wcslen,wcslen,GetDiskFreeSpaceExW,??3@YAXPEAX@Z,15_2_00007FFF2996C060
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetFileAttributesA,Sleep,GetVersionExA,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,UnlockServiceDatabase,StartServiceA,GetLastError,OpenServiceA,ChangeServiceConfigA,StartServiceA,CloseServiceHandle,CloseServiceHandle,20_2_00000001400020D0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_0000000140001510 CreateToolhelp32Snapshot,Process32FirstW,lstrcmpiW,Process32NextW,CloseHandle,GetCurrentProcess,CloseHandle,20_2_0000000140001510
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00000001400020D0 GetFileAttributesA,Sleep,GetVersionExA,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,UnlockServiceDatabase,StartServiceA,GetLastError,OpenServiceA,ChangeServiceConfigA,StartServiceA,CloseServiceHandle,CloseServiceHandle,20_2_00000001400020D0
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Microsoft.NET\Repair
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\InputMethod
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeMutant created: \Sessions\1\BaseNamedObjects\NeBoAaAa__shmem3_winpthreads_tdm_
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeMutant created: \BaseNamedObjects\GmAlAaAa__shmem3_winpthreads_tdm_
                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7908:120:WilError_03
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeMutant created: \Sessions\1\BaseNamedObjects\JmBpAaAa__shmem3_winpthreads_tdm_
                Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\??
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8008:120:WilError_03
                Source: C:\Windows\System32\dllhost.exeMutant created: \BaseNamedObjects\??
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeMutant created: \Sessions\1\BaseNamedObjects\Mutex6873665297465261609841626463
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeMutant created: \Sessions\1\BaseNamedObjects\NeAlAaAa__shmem3_winpthreads_tdm_
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7932:120:WilError_03
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC5A4.tmp
                Source: C:\Windows\System32\dllhost.exeFile opened: C:\Windows\system32\715775522d1f034742ca5340a7e14c84528c5f5e79621ea6e374aa001a510ae1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
                Source: C:\Windows\System32\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.ini
                Source: C:\Windows\System32\svchost.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS
                Source: C:\Windows\System32\dllhost.exeFile read: C:\Windows\System32\drivers\etc\hosts
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
                Source: firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
                Source: DevQueryBroker.exeString found in binary or memory: -install
                Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\NetFxRepairTools.msi"
                Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 74DBC12C47BBA93F00B18D929CC9320B C
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
                Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2004,i,5525789345313659739,3958555170584979043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 51EA4663DED3D36C59DE5090ACBE1A6A
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe "C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe"
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c mkdir C:\Users\Public\Documents\78E3D2D7\
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c mkdir C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeProcess created: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                Source: unknownProcess created: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe "C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe"
                Source: unknownProcess created: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe -svc
                Source: C:\Windows\System32\spoolsv.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exe
                Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
                Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
                Source: C:\Windows\System32\spoolsv.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe
                Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c29272-6054-4f1c-9b1f-da39f589753f} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f5b26d910 socket
                Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3804 -parentBuildID 20230927232528 -prefsHandle 2952 -prefMapHandle 3800 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96d1e68a-4ba2-43e6-96ba-4f30bec53afc} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f5b241410 rdd
                Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5144 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5100 -prefMapHandle 5132 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb2d306b-13c2-47c1-93ff-384e016ef4a7} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f78090f10 utility
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
                Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                Source: C:\Windows\System32\msiexec.exe
                Section loaded (in load order): apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, msi.dll, srpapi.dll, kernel.appcore.dll, kernel.appcore.dll, tsappcmp.dll, uxtheme.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, coremessaging.dll, wintypes.dll, wintypes.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, textshaping.dll, netapi32.dll, wkscli.dll, netutils.dll, version.dll, mscoree.dll, profapi.dll, sspicli.dll, msihnd.dll, dwmapi.dll, pcacli.dll, mpr.dll, windowscodecs.dll, oleacc.dll, riched20.dll, usp10.dll, msls31.dll, apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, tsappcmp.dll, userenv.dll, profapi.dll, sspicli.dll, netapi32.dll, wkscli.dll, netutils.dll, srclient.dll, spp.dll, powrprof.dll, vssapi.dll, vsstrace.dll, umpdc.dll, wldp.dll, mscoree.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, windows.storage.dll, pcacli.dll, mpr.dll, ntmarta.dll, cabinet.dll
                Source: C:\Windows\SysWOW64\msiexec.exe
                Section loaded (in load order): apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, sxs.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\svchost.exe
                Section loaded (in load order): kernel.appcore.dll, qmgr.dll, bitsperf.dll, powrprof.dll, xmllite.dll, firewallapi.dll, esent.dll, umpdc.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, wldp.dll, ntmarta.dll, profapi.dll, flightsettings.dll, policymanager.dll, msvcp110_win.dll, netprofm.dll, npmproxy.dll, bitsigd.dll, upnp.dll, winhttp.dll, ssdpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, appxdeploymentclient.dll, cryptbase.dll, wsmauto.dll, miutils.dll, wsmsvc.dll, dsrole.dll, pcwum.dll, mi.dll, userenv.dll, gpapi.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, ondemandconnroutehelper.dll, msv1_0.dll, ntlmshared.dll, cryptdll.dll, webio.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, rmclient.dll, usermgrcli.dll, execmodelclient.dll, propsys.dll, coremessaging.dll, twinapi.appcore.dll, onecorecommonproxystub.dll, execmodelproxy.dll, resourcepolicyclient.dll, vssapi.dll, vsstrace.dll, samcli.dll, samlib.dll, es.dll, bitsproxy.dll, ondemandconnroutehelper.dll, dhcpcsvc6.dll, dhcpcsvc.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, dpapi.dll, mpr.dll, kernel.appcore.dll, moshost.dll, mapsbtsvc.dll, mosstorage.dll, ztrace_maps.dll, ztrace_maps.dll, ztrace_maps.dll, bcp47langs.dll, mapconfiguration.dll, winhttp.dll, wldp.dll, windows.storage.dll, profapi.dll, kernel.appcore.dll, aphostservice.dll, networkhelper.dll, userdataplatformhelperutil.dll, mccspal.dll, syncutil.dll, umpdc.dll, syncutil.dll, vaultcli.dll, wintypes.dll, dmcfgutils.dll, msvcp110_win.dll, dmcmnutils.dll, dmxmlhelputils.dll, policymanager.dll, cryptsp.dll, xmllite.dll, inproclogger.dll, wldp.dll, profapi.dll, sspicli.dll, flightsettings.dll, windows.networking.connectivity.dll, npmproxy.dll, iertutil.dll, msv1_0.dll, ntlmshared.dll, cryptdll.dll, synccontroller.dll, pimstore.dll, aphostclient.dll, accountaccessor.dll, dsclient.dll, powrprof.dll, powrprof.dll, systemeventsbrokerclient.dll, userdatalanguageutil.dll, mccsengineshared.dll, ntmarta.dll, cemapi.dll, userdatatypehelperutil.dll, phoneutil.dll, onecorecommonproxystub.dll, execmodelproxy.dll, rmclient.dll, kernel.appcore.dll, storsvc.dll, devobj.dll, fltlib.dll, ntmarta.dll, bcd.dll, wer.dll, winhttp.dll, cabinet.dll, wldp.dll, windows.storage.dll, appxdeploymentclient.dll, storageusage.dll, userenv.dll, profapi.dll, sspicli.dll, propsys.dll
                Source: C:\Windows\SysWOW64\msiexec.exe
                Section loaded (in load order): apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, netapi32.dll, samcli.dll, netutils.dll, logoncli.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                Section loaded (in load order): x64bridge.dll, msvcp120.dll, msvcr120.dll, dbghelp.dll, dbgcore.dll, apphelp.dll
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                Section loaded (in load order): apphelp.dll, msvcr120.dll, healthserviceruntime.dll, amsi.dll, kernel.appcore.dll, uxtheme.dll, comsvcs.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, cmlua.dll, cmutil.dll, version.dll, windows.storage.dll, wldp.dll, msvcr120.dll, healthserviceruntime.dll, amsi.dll, kernel.appcore.dll, msvcr120.dll, healthserviceruntime.dll, amsi.dll, kernel.appcore.dll
                Source: C:\Windows\System32\spoolsv.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: samcli.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: samlib.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: firewallapi.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: fwbase.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\dllhost.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: winmm.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: sxs.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: amsi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafc6-7f19-11d2-978e-0000f8757e2a}\InprocServer32
                Source: Google Drive.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: YouTube.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Sheets.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Gmail.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Slides.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Docs.lnk.5.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe File written: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\temp.ini
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: NetFxRepairTools.msi Static file information: File size 27435008 > 1048576

                Data Obfuscation

                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Unpacked PE file: 20.2.DevQueryBroker.exe.140000000.0.unpack
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_0000000140003CB0 GetTickCount64,Sleep,GetTickCount64,GetFileAttributesA,CreateFileA,GetFileSize,VirtualAlloc,ReadFile,CloseHandle,ExitProcess,CloseHandle,GetModuleHandleA,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,CloseHandle,GetFileAttributesA,SetFileAttributesA,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,AllocateAndInitializeSid,CheckTokenMembership,GetLastError,FreeSid,MultiByteToWideChar,MultiByteToWideChar,CoInitializeEx,CoGetObject,CoUninitialize,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,RegOpenKeyExA,RegQueryValueExW,RegCloseKey,RegOpenKeyExA,RegDeleteValueW,RegCloseKey,CreateFileMappingA,MapViewOfFile,lstrcmpiA,LoadLibraryW,GetProcAddress,FreeLibrary,GetFileAttributesA,CreateProcessW, 20_2_0000000140003CB0
                Source: HealthServiceRuntime.dll.15.dr Static PE information: real checksum: 0xfa701 should be: 0xfa686
                Source: log70D9.tmp.15.dr Static PE information: real checksum: 0xfa701 should be: 0xf5758
                Source: DevQueryBrokerService.dll.26.dr Static PE information: real checksum: 0xfeab6 should be: 0xef5f0
                Source: NetFxRepairTool.exe.1.dr Static PE information: section name: .boxld01
                Source: updateplatform.arm64fre_a765ca6cdeeb25b4f88985d519b3f16b6b075b72.exe.1.dr Static PE information: section name: fothk
                Source: x64bridge.dll.1.dr Static PE information: section name: .xdata
                Source: HealthServiceRuntime.dll.15.dr Static PE information: section name: .xdata
                Source: log70D9.tmp.15.dr Static PE information: section name: .xdata
                Source: DevQueryBrokerService.dll.26.dr Static PE information: section name: .xdata
                Source: gmpopenh264.dll.tmp.29.dr Static PE information: section name: .rodata
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe Code function: 15_2_00007FFF2996706E push rcx; ret 15_2_00007FFF2996706F
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29E18A19 push rdi; ret 20_2_00007FFF29E18A22
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29E189EF push rdi; ret 20_2_00007FFF29E18A22
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 20_2_00007FFF29E18F25 push rdi; ret 20_2_00007FFF29E18F2B
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe Code function: 25_2_0000021AD783548D push rcx; retf 003Fh 25_2_0000021AD783548E
                Source: C:\Windows\System32\svchost.exe Code function: 30_2_0000000140240819 push esp; retf 30_2_000000014024081A
                Source: C:\Windows\System32\svchost.exe Code function: 30_2_0000000140250C68 push edx; ret 30_2_0000000140250C6B
                Source: C:\Windows\System32\svchost.exe Code function: 30_2_0000000140066425 push E7333D83h; retf 0000h 30_2_000000014006642A

                Persistence and Installation Behavior

                Source: C:\Windows\System32\dllhost.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\LogsJump to behavior
                Source: C:\Windows\System32\dllhost.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Logs\windows-update-log-20241220.logJump to behavior
                Source: C:\Windows\System32\dllhost.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Logs\windows-update-log-20241220.log_lockJump to behavior
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI121E.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI1FDF.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeFile created: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\HealthServiceRuntime.dllJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC5A4.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeFile created: C:\Users\user\AppData\Local\Temp\log8A9F.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeFile created: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\msvcr120.dllJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC642.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeFile created: :Shl (copy)Jump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI125D.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeFile created: C:\Users\user\AppData\Local\Temp\log74A4.tmpJump to dropped file
                Source: C:\Windows\System32\spoolsv.exeFile created: C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\78E3D2D7\DevQueryBrokerService.dllJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC700.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\msvcr120.dllJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\msvcp120.dllJump to dropped file
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeFile created: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC653.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC612.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64bridge.dllJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeFile created: C:\Users\user\AppData\Local\Temp\log70D9.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Microsoft.NET\Repair\NetFxRepairTool.exeJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\updateplatform.arm64fre_a765ca6cdeeb25b4f88985d519b3f16b6b075b72.exeJump to dropped file
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC682.tmpJump to dropped file
                Source: C:\Windows\System32\spoolsv.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DevQueryBrokerServiceSvcJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00000001400020D0 GetFileAttributesA,Sleep,GetVersionExA,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,UnlockServiceDatabase,StartServiceA,GetLastError,OpenServiceA,ChangeServiceConfigA,StartServiceA,CloseServiceHandle,CloseServiceHandle,20_2_00000001400020D0

                Hooking and other Techniques for Hiding and Protection

                Source: x64dbg.exe, 0000000F.00000002.1540286586.00007FFF171FF000.00000008.00000001.01000000.00000000.sdmp, dllhost.exe, 0000001B.00000003.1547958840.000001B6BF170000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: tOrInit
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB0A90 GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,DecodePointer,20_2_00007FFF29DB0A90
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\spoolsv.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\dllhost.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\dllhost.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\System32\svchost.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Windows\System32\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
                Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PhysicalMemory
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE"C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE" C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXEWINSTA0\DEFAULT
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE"
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE
                Source: x64dbg.exe, 0000000F.00000002.1546032816.00007FFF29400000.00000004.00000001.01000000.00000000.sdmp, x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ALI\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE5'
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXEER.EXET$
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXEER.EXE
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DEVICE\HARDDISKVOLUME3\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\USERS\user\APPDATA\ROAMING\MICROSOFT\INPUTMETHOD\CHS\ONLINEROAMING\X64DBG.EXE''
                Source: x64dbg.exe, 0000000F.00000002.1538935134.00000254806E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\TEMP\ASLLOG_APPHELPDEBUG_X64DBG.EXE_7892.TXT
                Source: DevQueryBroker.exe, 00000018.00000003.1505318447.00000285D1618000.00000004.00000800.00020000.00000000.sdmp, DevQueryBroker.exe, 00000019.00000003.1511864185.0000021AD7858000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: X64DBG.EXEX
                Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014006C060 rdtscp 30_2_000000014006C060
                Source: C:\Windows\System32\spoolsv.exeThread delayed: delay time: 300000Jump to behavior
                Source: C:\Windows\System32\spoolsv.exeWindow / User API: threadDelayed 876Jump to behavior
                Source: C:\Windows\System32\spoolsv.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\78E3D2D7\DevQueryBrokerService.dllJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI121E.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI1FDF.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC700.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC5A4.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC653.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC642.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC612.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\log70D9.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeDropped PE file which has not been started: :Shl (copy)Jump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\Repair\NetFxRepairTool.exeJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI125D.tmpJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\updateplatform.arm64fre_a765ca6cdeeb25b4f88985d519b3f16b6b075b72.exeJump to dropped file
                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC682.tmpJump to dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\log74A4.tmpJump to dropped file
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeAPI coverage: 4.1 %
                Source: C:\Windows\System32\svchost.exe TID: 3704Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\System32\spoolsv.exe TID: 2384Thread sleep count: 876 > 30Jump to behavior
                Source: C:\Windows\System32\spoolsv.exe TID: 2384Thread sleep time: -262800000s >= -30000sJump to behavior
                Source: C:\Windows\System32\spoolsv.exe TID: 2384Thread sleep time: -300000s >= -30000sJump to behavior
                Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                Source: C:\Windows\System32\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                Source: C:\Windows\System32\spoolsv.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeCode function: 15_2_00007FFF2996BB84 wcslen,wcslen,FindFirstFileExW,FindClose,wcscpy_s,??3@YAXPEAX@Z,15_2_00007FFF2996BB84
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_000000014001FC04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,20_2_000000014001FC04
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB6974 _errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,__time64_t_from_ft,__time64_t_from_ft,__time64_t_from_ft,20_2_00007FFF29DB6974
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB4924 _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,20_2_00007FFF29DB4924
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB88D0 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_wfullpath,_errno,_errno,_errno,_wfullpath,IsRootUNCName,GetDriveTypeW,free,__loctotime32_t,free,_wsopen_s,_fstat32i64,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FindClose,__wdtoxmode,GetLastError,_dosmaperr,FindClose,GetLastError,_dosmaperr,FindClose,20_2_00007FFF29DB88D0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB6BE0 _errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,__time64_t_from_ft,__time64_t_from_ft,__time64_t_from_ft,20_2_00007FFF29DB6BE0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB7A74 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_wfullpath,_errno,_errno,_errno,_wfullpath,IsRootUNCName,GetDriveTypeW,free,__loctotime32_t,free,_errno,__doserrno,_wsopen_s,_fstat32,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime32_t,FindClose,__wdtoxmode,_errno,GetLastError,_dosmaperr,FindClose,20_2_00007FFF29DB7A74
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB7EF8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_wfullpath,_errno,_errno,_errno,_wfullpath,IsRootUNCName,GetDriveTypeW,free,__loctotime64_t,free,_wsopen_s,_fstat64,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,__loctotime64_t,FindClose,__wdtoxmode,GetLastError,_dosmaperr,FindClose,GetLastError,_dosmaperr,FindClose,20_2_00007FFF29DB7EF8
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DB433C _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,20_2_00007FFF29DB433C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD7827C08 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,25_2_0000021AD7827C08
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_000000014000A348 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,26_2_000000014000A348
                Source: C:\Windows\System32\spoolsv.exeThread delayed: delay time: 300000Jump to behavior
                Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Jump to behavior
                Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\Jump to behavior
                Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                Source: firefox.exe, 0000001D.00000003.1899058129.0000017F5CE24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWkpy
                Source: svchost.exe, 0000000A.00000002.2463269114.0000015157A65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                Source: svchost.exe, 0000000A.00000002.2457243886.0000015157A2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                Source: svchost.exe, 0000000A.00000002.2463269114.0000015157A84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                Source: dllhost.exe, 0000001B.00000003.1592638407.000001B6BF0B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MB]
                Source: dllhost.exe, 0000001B.00000003.1591834362.000001B6BF0F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBLMEM
                Source: svchost.exe, 00000004.00000002.2524503310.00000213CEC65000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2475542870.00000213C942B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2520542712.00000213CEC5F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.2562169438.0000017F5CDE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: svchost.exe, 0000000A.00000002.2463269114.0000015157A65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                Source: svchost.exe, 0000000A.00000002.2451509178.0000015157A0B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
                Source: svchost.exe, 0000000A.00000002.2463269114.0000015157A65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                Source: dllhost.exe, 0000001B.00000003.1591834362.000001B6BF0F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
                Source: svchost.exe, 0000000A.00000002.2457243886.0000015157A2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: svchost.exe, 0000000A.00000002.2463269114.0000015157A65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                Source: firefox.exe, 0000001D.00000003.1899058129.0000017F5CE45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWNG%SystemRoot%\system32\mswsock.dllOFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTD
                Source: svchost.exe, 0000000A.00000002.2460031525.0000015157A4C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                Source: dllhost.exe, 0000001B.00000003.1592638407.000001B6BF0B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MB)
                Source: spoolsv.exe, 0000001A.00000000.1512189766.00000000005CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: dllhost.exe, 0000001B.00000002.2727170765.000001B6BF07C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll||
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeAPI call chain: ExitProcess graph end nodegraph_20-119235
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeAPI call chain: ExitProcess graph end nodegraph_20-119219
                Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeCode function: 30_2_000000014006C060 rdtscp 30_2_000000014006C060
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeCode function: 15_2_00007FFF2997F03C IsDebuggerPresent,__crt_debugger_hook,__crtTerminateProcess,15_2_00007FFF2997F03C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_000000014000F8DC GetLastError,IsDebuggerPresent,OutputDebugStringW,20_2_000000014000F8DC
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_0000000140003CB0 GetTickCount64,Sleep,GetTickCount64,GetFileAttributesA,CreateFileA,GetFileSize,VirtualAlloc,ReadFile,CloseHandle,ExitProcess,CloseHandle,GetModuleHandleA,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,CloseHandle,GetFileAttributesA,SetFileAttributesA,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,AllocateAndInitializeSid,CheckTokenMembership,GetLastError,FreeSid,MultiByteToWideChar,MultiByteToWideChar,CoInitializeEx,CoGetObject,CoUninitialize,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,RegOpenKeyExA,RegQueryValueExW,RegCloseKey,RegOpenKeyExA,RegDeleteValueW,RegCloseKey,CreateFileMappingA,MapViewOfFile,lstrcmpiA,LoadLibraryW,GetProcAddress,FreeLibrary,GetFileAttributesA,CreateProcessW,20_2_0000000140003CB0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_0000000140020E30 GetProcessHeap,20_2_0000000140020E30
                Source: C:\Windows\System32\svchost.exeProcess token adjusted: Debug
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_000000014002B298 SetUnhandledExceptionFilter,20_2_000000014002B298
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_000000014000CCF8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_000000014000CCF8
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_000000014000CEE0 SetUnhandledExceptionFilter,20_2_000000014000CEE0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00000001400156F0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00000001400156F0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD78275F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,25_2_0000021AD78275F8
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD78221C0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,25_2_0000021AD78221C0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD782F0B0 SetUnhandledExceptionFilter,25_2_0000021AD782F0B0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 25_2_0000021AD78223A4 SetUnhandledExceptionFilter,25_2_0000021AD78223A4
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_000000014000987C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_000000014000987C
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_00000001400040A0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00000001400040A0
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_00000001400111B0 SetUnhandledExceptionFilter,26_2_00000001400111B0
                Source: C:\Windows\System32\spoolsv.exeCode function: 26_2_0000000140004284 SetUnhandledExceptionFilter,26_2_0000000140004284

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\System32\spoolsv.exeProcess created / APC Queued / Resumed: C:\Windows\System32\svchost.exeJump to behavior
                Source: C:\Windows\System32\spoolsv.exeProcess created / APC Queued / Resumed: C:\Windows\System32\dllhost.exeJump to behavior
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeMemory allocated: C:\Windows\System32\spoolsv.exe base: 7A0000 protect: page execute and read and writeJump to behavior
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeMemory allocated: C:\Windows\System32\spoolsv.exe base: 7B0000 protect: page read and writeJump to behavior
                Source: C:\Windows\System32\spoolsv.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 1B6BEEB0000 protect: page execute and read and writeJump to behavior
                Source: C:\Windows\System32\spoolsv.exeMemory allocated: C:\Windows\System32\svchost.exe base: 237D7E20000 protect: page execute and read and writeJump to behavior
                Source: C:\Windows\System32\spoolsv.exeMemory written: PID: 4696 base: 1B6BEEB0000 value: E9Jump to behavior
                Source: C:\Windows\System32\spoolsv.exeMemory written: PID: 7660 base: 237D7E20000 value: E9Jump to behavior
                Source: C:\Windows\System32\dllhost.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\System32\spoolsv.exeThread APC queued: target process: C:\Windows\System32\dllhost.exeJump to behavior
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeMemory written: C:\Windows\System32\spoolsv.exe base: 7A0000Jump to behavior
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeMemory written: C:\Windows\System32\spoolsv.exe base: 7B0000Jump to behavior
                Source: C:\Windows\System32\spoolsv.exeMemory written: C:\Windows\System32\dllhost.exe base: 1B6BEEB0000Jump to behavior
                Source: C:\Windows\System32\spoolsv.exeMemory written: C:\Windows\System32\svchost.exe base: 237D7E20000Jump to behavior
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetCurrentProcessId,OpenProcess,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,GetWindowsDirectoryW,GetModuleFileNameW,ReadProcessMemory,ReadProcessMemory,CloseHandle, \explorer.exe20_2_0000000140003380
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c mkdir C:\Users\Public\Documents\78E3D2D7\Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c mkdir C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\Jump to behavior
                Source: C:\Windows\System32\spoolsv.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exeJump to behavior
                Source: C:\Windows\System32\spoolsv.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exeJump to behavior
                Source: C:\Windows\System32\dllhost.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dllJump to behavior
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_0000000140003CB0 GetTickCount64,Sleep,GetTickCount64,GetFileAttributesA,CreateFileA,GetFileSize,VirtualAlloc,ReadFile,CloseHandle,ExitProcess,CloseHandle,GetModuleHandleA,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,CloseHandle,GetFileAttributesA,SetFileAttributesA,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,AllocateAndInitializeSid,CheckTokenMembership,GetLastError,FreeSid,MultiByteToWideChar,MultiByteToWideChar,CoInitializeEx,CoGetObject,CoUninitialize,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,GetFileAttributesA,CreateFileA,WriteFile,CloseHandle,RegOpenKeyExA,RegQueryValueExW,RegCloseKey,RegOpenKeyExA,RegDeleteValueW,RegCloseKey,CreateFileMappingA,MapViewOfFile,lstrcmpiA,LoadLibraryW,GetProcAddress,FreeLibrary,GetFileAttributesA,CreateProcessW,20_2_0000000140003CB0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00000001400279F0 cpuid 20_2_00000001400279F0
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeCode function: ___lc_locale_name_func,__crtGetLocaleInfoEx,15_2_00007FFF2996E0E8
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: EnumSystemLocalesW,20_2_0000000140023820
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,20_2_00000001400238B8
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetLocaleInfoW,20_2_000000014001EA14
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetLocaleInfoW,20_2_0000000140023B04
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,20_2_0000000140023404
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,20_2_0000000140023C5C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetLocaleInfoW,20_2_0000000140023D0C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,20_2_0000000140023E38
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: EnumSystemLocalesW,20_2_000000014001E6C0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: EnumSystemLocalesW,20_2_0000000140023750
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _getptd,EnumSystemLocalesW,20_2_00007FFF29E0A9EC
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,20_2_00007FFF29E00938
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,TestDefaultLanguage,20_2_00007FFF29E0AB34
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _getptd,EnumSystemLocalesW,20_2_00007FFF29E0AAA0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,TestDefaultLanguage,20_2_00007FFF29E0AD64
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _getptd,_getptd,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,_getptd,EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,__crtDownlevelLCIDToLocaleName,__crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,_itow_s,20_2_00007FFF29E0B008
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,20_2_00007FFF29E07FB4
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _getptd,GetLocaleInfoW,20_2_00007FFF29E0AF60
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,20_2_00007FFF29E02F1C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,20_2_00007FFF29E08ECC
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,20_2_00007FFF29E0AEB0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: __crtGetLocaleInfoEx,malloc,__crtGetLocaleInfoEx,WideCharToMultiByte,free,20_2_00007FFF29E07E48
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: EnumSystemLocalesW,20_2_00007FFF29E02E5C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,20_2_00007FFF29E081FC
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: _getptd,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,TestDefaultCountry,__crtGetLocaleInfoEx,TestDefaultCountry,_getptd,__crtGetLocaleInfoEx,20_2_00007FFF29E0A050
                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
                Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\Windows\System32\dllhost.exe VolumeInformationJump to behavior
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\Windows\System32\svchost.exe VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Windows\OneSettings\checkcfg.dat VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exeCode function: 15_2_00007FFF2997F240 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,15_2_00007FFF2997F240
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00007FFF29DC998C _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,_malloc_crt,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,20_2_00007FFF29DC998C
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeCode function: 20_2_00000001400020D0 GetFileAttributesA,Sleep,GetVersionExA,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,UnlockServiceDatabase,StartServiceA,GetLastError,OpenServiceA,ChangeServiceConfigA,StartServiceA,CloseServiceHandle,CloseServiceHandle,20_2_00000001400020D0
                Source: C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Lowering of HIPS / PFW / Operating System Security Settings

                Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
                Source: C:\Windows\System32\dllhost.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: svchost.exe, 0000000B.00000002.2474432539.000001D64B102000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
                Source: x64dbg.exe, 0000000F.00000002.1540286586.00007FFF171FF000.00000008.00000001.01000000.00000000.sdmpBinary or memory string: ayagent.aye
                Source: DevQueryBroker.exeBinary or memory string: 360tray.exe
                Source: svchost.exe, 0000000B.00000002.2474432539.000001D64B102000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara matchFile source: 27.2.dllhost.exe.1b6bf8a0000.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 27.2.dllhost.exe.140000000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 27.2.dllhost.exe.1b6bf8a0000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000001B.00000002.2739528928.000001B6BFEB8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.2677313204.000000C00000F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.2442293644.00000001404EE000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001B.00000002.2739528928.000001B6BFECB000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001B.00000002.2442289903.0000000140623000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001B.00000002.2739528928.000001B6C02A2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.2442293644.0000000140234000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001B.00000002.2680115867.000000C000161000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001E.00000002.2677313204.000000C000236000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001B.00000002.2739528928.000001B6BFD8D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001B.00000002.2739528928.000001B6BF8A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: dllhost.exe PID: 4696, type: MEMORYSTR
                Source: C:\Windows\System32\dllhost.exe File opened: \\tsclient\A through \\tsclient\Z (one entry per drive letter, A to Z)
                Source: C:\Windows\System32\svchost.exe File opened: \\tsclient\A through \\tsclient\Z (one entry per drive letter, A to Z)

                Remote Access Functionality

                Source: dllhost.exe, 0000001B.00000002.2739528928.000001B6BFECB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: ...failed to start TermService, the error is PrintableString contains invalid characterYou do not have write access to registry: quotedprintable: invalid bytes after =: %qMaxStreamWindowSize must be larger than %d[WARN] yamux: frame for missing stream: %vinterrupted system call should be restartedfailed to get user privilege. the error is failed to close registry key, the error is failed to listen and serv on port range: %snot support the version of termsrv.dll - %sget current system user information failed record new user identifier, the content is failed to call service.close, the error is reflect: nil type passed to Type.Implementsreflect: CallSlice of non-variadic functionreflect: Call with too many input arguments/memory/classes/metadata/mcache/inuse:bytesruntime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryunfinished open-coded defers in deferreturnruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=methodValueCallFrameObjs is not in a modulemultiple Read calls return no data or errormult64bitPow10: power of 10 is out of rangebufio: tried to rewind past start of buffertls: received unexpected key update messagetls: server did not select an ALPN protocoltls: server sent unrequested session tickettls: received malformed key_share extensiontls: invalid early data for QUIC connectiontls: client's Finished message is incorrectno multipart boundary param in Content-Typenet/http: timeout awaiting response headerstimeout waiting for SETTINGS frames from %vhttp2: server closing client 
connection: %vhttp2: unexpected ALPN protocol %q; want %qTransport: unhandled response frame type %Thttp2: too many 1xx informational responsesError enabling Transport HTTP/2 support: %vnet/http: invalid header field value for %qtransform: inconsistent byte count returnedexec: WaitDelay expired before I/O completereadPythonMultilines: end of value, got: %qx509: failed to parse dnsName constraint %qx509: invalid X25519 private key parametersfile %q has a package name conflict over %v): IPv6 zones cannot be present in a prefixfailed to disable user Guest, the error is edwards25519: invalid point encoding lengthexplicit time type given to non-time member[ERR] socks: Failed to get version byte: %v[WARN] yamux: failed to send ping reply: %v[ERR] yamux: Failed to read stream data: %vfailed to start auto listener. the error is failed to start the service, the error is %vfailed to call NetUserDel with error code %dSOFTWARE\Microsoft\Windows NT\CurrentVersionC:\ProgramData\Microsoft\Windows\OneSettingsfailed to call mgr.disconnect, the error is using value obtained using unexported fieldreflect: call of MakeFunc with non-Func typereflect: FieldByNameFunc of
                [ATT&CK technique matrix; columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
                [Behavior graph: ID 1579096, Sample: NetFxRepairTools.msi, Startdate: 20/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                NetFxRepairTools.msi | 0% | ReversingLabs | |

                Source | Detection | Scanner | Label | Link
                :Shl (copy) | 3% | ReversingLabs | |
                C:\Program Files (x86)\Microsoft.NET\Repair\NetFxRepairTool.exe | 0% | ReversingLabs | |
                C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe | 0% | ReversingLabs | |
                C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\msvcr120.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\MSI1FDF.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\MSIC5A4.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\MSIC612.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\MSIC642.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\MSIC653.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\MSIC682.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\MSIC700.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\log70D9.tmp | 5% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\log74A4.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\log8A9F.tmp | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\msvcp120.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\msvcr120.dll | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\updateplatform.arm64fre_a765ca6cdeeb25b4f88985d519b3f16b6b075b72.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64bridge.dll | 3% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
                C:\Windows\Installer\MSI121E.tmp | 0% | ReversingLabs | |
                C:\Windows\Installer\MSI125D.tmp | 0% | ReversingLabs | |
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                          unknownfalse
                                                                            high
                                                                            normandy.cdn.mozilla.net
                                                                            unknown
                                                                            unknownfalse
                                                                              high
                                                                              shavar.services.mozilla.com
                                                                              unknown
                                                                              unknownfalse
                                                                                high
                                                                                apis.google.com
                                                                                unknown
                                                                                unknownfalse
                                                                                  high
                                                                                  www.wikipedia.org
                                                                                  unknown
                                                                                  unknownfalse
                                                                                    high
Name | Malicious | Antivirus Detection | Reputation
https://ifconfig.me/ip | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://x1.i.lencr.org/0firefox.exe, 0000001D.00000003.1978080852.0000017F6B2A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1899288503.0000017F6BFB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://a9.com/-/spec/opensearch/1.1/firefox.exe, 0000001D.00000003.1867413295.0000017F77D55000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000001D.00000003.1656105651.0000017F6D03F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000001D.00000003.1873860896.0000017F6E578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 0000001D.00000003.1999357167.0000017F77ACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1853358692.0000017F77AB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://www.sandoll.co.krfirefox.exe, 0000001D.00000003.2357014247.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://identity.mozilla.com/apps/relayfirefox.exe, 0000001D.00000003.1865688947.0000017F77DD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000006.00000003.1369493601.000001565D067000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.1370762210.000001565D02B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://mathiasbynens.be/firefox.exe, 0000001D.00000003.1826898523.0000017F7504E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000001D.00000003.1777760415.0000017F781CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000001D.00000003.1908238046.0000017F6BE2E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 0000001D.00000003.1846788701.0000017F78547000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1851597544.0000017F77E6B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://screenshots.firefox.com/firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2120489419.0000017F68F20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2131104974.0000017F68608000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://dev.ditu.live.com/REST/v1/Transit/Stops/svchost.exe, 00000006.00000003.1369093978.000001565D085000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://www.google.com/searchfirefox.exe, 0000001D.00000003.2098941897.0000017F78024000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1583318617.0000017F68D05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1757082809.0000017F7809F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1849951763.0000017F78020000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 00000006.00000002.1371135104.000001565D059000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369900454.000001565D046000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369922525.000001565D054000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            http://json-schema.org/draft-07/schema#-firefox.exe, 0000001D.00000003.1865688947.0000017F77DD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000006.00000003.1369510307.000001565D062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1369922525.000001565D054000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                https://support.mozilla.org/products/firefoxfirefox.exe, 0000001D.00000003.1863350895.0000017F78470000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1863350895.0000017F78483000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 00000006.00000002.1371113577.000001565D050000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                    http://www.founder.com.cn/cnfirefox.exe, 0000001D.00000003.2369456046.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2368373608.0000017F61F17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2367429898.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                      https://www.google.com/complete/searchfirefox.exe, 0000001D.00000003.1660367194.0000017F6E428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                        https://watch.sling.com/firefox.exe, 0000001D.00000003.2116561845.0000017F695A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2293769246.0000017F695A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                          http://www.galapagosdesign.com/3firefox.exe, 0000001D.00000003.2353199042.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                            http://exslt.org/strings8firefox.exe, 0000001D.00000002.2551859399.0000017F5B203000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                              https://getpocket.com/firefox/new_tab_learn_more/firefox.exe, 0000001D.00000003.1858099660.0000017F75166000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                                https://github.com/google/closure-compiler/issues/3177firefox.exe, 0000001D.00000003.1654753573.0000017F6D037000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                                  https://g.live.com/odclientsettings/ProdV2-C:svchost.exe, 00000004.00000003.1203077472.00000213CE9C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                                    https://json-schema.org/draft/2019-09/schema./firefox.exe, 0000001D.00000003.1865688947.0000017F77DD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                                      https://getpocket.com/recommendationsfirefox.exe, 0000001D.00000003.2159473714.0000017F6EC50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1872470149.0000017F6EC50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                                        https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.tsfirefox.exe, 0000001D.00000003.1653151859.0000017F750F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                                          https://lit.dev/docs/templates/directives/#stylemapfirefox.exe, 0000001D.00000003.1656105651.0000017F6D03F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                                                            https://push.services.mozilla.comfirefox.exe, 0000001D.00000003.1893649417.0000017F6C3CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                                                              https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.tsfirefox.exe, 0000001D.00000003.1653151859.0000017F750F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                                                https://mochitest.youtube.com/firefox.exe, 0000001D.00000003.1735917772.0000017F78243000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                                                  http://www.galapagosdesign.com/(firefox.exe, 0000001D.00000003.2353199042.0000017F61F17000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                    http://json-schema.org/draft-06/schema#firefox.exe, 0000001D.00000003.1865688947.0000017F77DD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                                                      https://dev.ditu.live.com/REST/v1/Routes/svchost.exe, 00000006.00000003.1369493601.000001565D067000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                                                        https://t0.ssl.ak.PZsvchost.exe, 00000006.00000003.1369975865.000001565D033000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                          http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerfirefox.exe, 0000001D.00000003.1999357167.0000017F77ACD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.1853358692.0000017F77AB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                            high
| IP | Domain | Country | ASN | ASN Name | Malicious |
| 151.101.65.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false |
| 142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
| 35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 142.250.181.46 | plus.l.google.com | United States | 15169 | GOOGLEUS | false |
| 34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 142.250.181.142 | play.google.com | United States | 15169 | GOOGLEUS | false |
| 34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false |
| 34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 154.12.191.39 | ferp.googledns.io | United States | 55286 | SERVER-MANIACA | false |
| 35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false |
| 34.160.111.145 | ifconfig.me | United States | 2686 | ATGS-MMD-ASUS | false |
                                                                                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                                                                                            192.168.2.16
                                                                                                                                                                                                                                                                                            127.0.0.1
                                                                                                                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                                                            Analysis ID:1579096
                                                                                                                                                                                                                                                                                            Start date and time:2024-12-20 20:05:07 +01:00
                                                                                                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                                            Overall analysis duration:0h 11m 17s
                                                                                                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                                                                                                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                                                            Number of analysed new started processes analysed:34
                                                                                                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                                            Number of injected processes analysed:2
                                                                                                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                                                                                                            Sample name:NetFxRepairTools.msi
                                                                                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                                                                                            Classification:mal100.troj.adwa.spyw.expl.evad.winMSI@61/109@70/18
                                                                                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                                                                                            • Successful, ratio: 50%
                                                                                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                                                                                            • Successful, ratio: 65%
                                                                                                                                                                                                                                                                                            • Number of executed functions: 35
                                                                                                                                                                                                                                                                                            • Number of non-executed functions: 294
                                                                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                                                                            • Found application associated with file extension: .msi
                                                                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 23.193.114.18, 199.232.210.172, 23.196.46.38, 142.250.181.99, 172.217.17.78, 64.233.164.84, 172.217.17.46, 172.217.17.67, 142.250.181.42, 216.58.208.234, 142.250.181.106, 172.217.17.74, 172.217.19.234, 172.217.19.10, 172.217.19.202, 172.217.19.170, 142.250.181.10, 172.217.17.42, 142.250.181.74, 142.250.181.138, 44.228.225.150, 52.40.120.141, 44.240.87.158, 172.217.17.35, 34.104.35.123, 88.221.134.209, 88.221.134.155, 172.217.19.206, 4.175.87.197
                                                                                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a19.dscg10.akamai.net, clients2.google.com, redirector.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, safebrowsing.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, clients1.google.com, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, ctldl.windowsupdate.com, ogads-pa.googleapis.com, detectportal.prod.mozaws.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                                            • Execution Graph export aborted for target firefox.exe, PID 7488 because it is empty
                                                                                                                                                                                                                                                                                            • Execution Graph export aborted for target svchost.exe, PID 7660 because there are no executed function
                                                                                                                                                                                                                                                                                            • Execution Graph export aborted for target x64dbg.exe, PID 7892 because there are no executed function
                                                                                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                            • VT rate limit hit for: NetFxRepairTools.msi
| Time | Type | Description |
| 14:05:39 | API Interceptor | 6x Sleep call for process: svchost.exe modified |
| 14:06:01 | API Interceptor | 1x Sleep call for process: x64dbg.exe modified |
| 14:06:11 | API Interceptor | 879x Sleep call for process: spoolsv.exe modified |
| 14:06:17 | API Interceptor | 4x Sleep call for process: dllhost.exe modified |
| 14:06:36 | API Interceptor | 1x Sleep call for process: firefox.exe modified |
| 14:06:48 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified |
                                                                                                                                                                                                                                                                                                                                                                            star-mini.c10r.facebook.comnM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            http://112.31.189.32:40158Get hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            http://mee6.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            https://www.grapevine.org/join/next-gen-giving-circle-dcGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                                            twitter.comnM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                                            nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                                            ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                                                            http://112.31.189.32:40158Get hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 104.244.42.193
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                                            nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                            nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                            http://www.eventcreate.com/e/you-have-received-a-new-docGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.137
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                            https://dnearymedahealthstaffing.wordpress.com/medahealthstaffing-proposal/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                                            http://northwesthousingservices.discussripped.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                                                            mniscreenthinkinggoodforentiretimegoodfotbusubessthings.htaGet hashmaliciousCobalt StrikeBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.1.137
                                                                                                                                                                                                                                                                                                                                                                            ATGS-MMD-ASUSnshkarm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 48.88.173.136
                                                                                                                                                                                                                                                                                                                                                                            nshkmpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 32.224.88.188
                                                                                                                                                                                                                                                                                                                                                                            nshkarm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 48.180.175.217
                                                                                                                                                                                                                                                                                                                                                                            nshkarm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 57.163.111.252
                                                                                                                                                                                                                                                                                                                                                                            nshkppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 51.95.63.11
                                                                                                                                                                                                                                                                                                                                                                            arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 57.194.231.103
                                                                                                                                                                                                                                                                                                                                                                            mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 33.168.209.224
                                                                                                                                                                                                                                                                                                                                                                            ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 57.49.43.80
                                                                                                                                                                                                                                                                                                                                                                            nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                                                                                                                                                                                                                                                                                                                                                            fb0aa01abe9d8e4037eb3473ca6e2dcanM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRATBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                            • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
file.exe (malicious): LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig
file.exe (malicious): LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc
do.ps1 (malicious): Unknown
                                                                                                                                                                                                                                                                                                                                                                            No context
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):12908544
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.190464799566411
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:196608:lVm0iCMo/H7SS9veQfysEiYRMK1DAw1Hc:lVmZBo/bSS9mPsMT+l
                                                                                                                                                                                                                                                                                                                                                                            MD5:88118F64D9D469AF9009E5F2A7527E2D
                                                                                                                                                                                                                                                                                                                                                                            SHA1:9D0AD49BFAF898D027E15AF052FD60681B5D4940
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:ACCD651F58DD3F7EAAA06DF051E4C09D2EDAC67BB046A2DCB262AA6DB4291DE7
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:79EEA6E3600348E805C83E17ED02DA9503BDD24E834542954036A48F332CEA93059FF4092A627AA779145404D96136F0DC4482B09988C3288011B20DB1D16813
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):1732
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.686294223311633
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:kK8Jp6Z4f8JO8Jn98Jav8Ja4EE8JaWE8JaCPtzQzuuVGuVbxEuuV/uV3uVDuV0:kK8JpQw8JO8J98Jav8JaQ8JaWE8JaCxf
                                                                                                                                                                                                                                                                                                                                                                            MD5:2AF26969F10AB1D30E05CFC7B4F370A7
                                                                                                                                                                                                                                                                                                                                                                            SHA1:86538BA1F4F9E7239B01574E56CC1B250AB3DEDC
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:29BA2D27A05CB32111B8164FC542164A0A4295A9F45092F98EA70245680C5092
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:420829262CFD677105DF67A82547BDB5ED9C6C839486EDFB4F5F877AC4B056E53FBCCC7C58E0085961D0BCC563FDB280E12331C51B2705D1C2A134F1BFEBFE16
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\spoolsv.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):979456
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.1893671945386615
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:o/JR1ajWXUnFu2szEZvIrxD6WO1ZNm8xymoWP5uE:oBaiXUnF4zEFIFD6WO1esBuE
                                                                                                                                                                                                                                                                                                                                                                            MD5:4968AD109CC6608B0730037EA684AA06
                                                                                                                                                                                                                                                                                                                                                                            SHA1:49D5A538DC7A6F1F63A26A9C0EB9B037AA0A5D8F
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:33DEDF9595E8AE36D7303FDC333795D726199AFDFE81E9E0064E194D247550BF
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:8E83FA0FA8F3AFB348A06FA24323EC8EAE48794C1EDD9FA86DE1EC20FC446B6146D1B72ADD8C7BD64ACF20B787CC253277E280DF984AED369C22C37070515A3A
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):1257240
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.917683425448334
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24576:eGHL3siy9Uh04s1gXorYXye3jbns2061FZ82EMNMNFVfuFhmXcWH:7L3s7wm1EnXye3jbn90yZ83MNMjIFssw
                                                                                                                                                                                                                                                                                                                                                                            MD5:0F7F7358F7AD3316942D0722BF3D1C29
                                                                                                                                                                                                                                                                                                                                                                            SHA1:46F58F0AC57499E586A5D1A18B0419B21E59438A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:82AC76B9F2648597012A15EF1EDEDAA7C0682DF2E73D5E751124214267D9C278
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:375572472B9454037BF2247102E46C1989089C9B7508ADBCC5C25E733710359CB85F0C579A169E9B1591765E275956E70A527A044819849663CCCB4133713CB7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):31696
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.370599355249386
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:384:6mwZVP8p19bExJI7UXw/qLTT6/SwJHuofJ48sTlZwgmXVY7WnBrrWHyHRN7/IFFg:p0Y+nXhTe/LJghT7wguV0ugFFXzg9z64
                                                                                                                                                                                                                                                                                                                                                                            MD5:0BD5E02B3F1A21A37836B531163A03F5
                                                                                                                                                                                                                                                                                                                                                                            SHA1:53E805EDD93DB58DEEA23B87ECA8DD5CF8BEC61F
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:18A6BAB96C2BAC36F67A501A2C4E3E943B694FED8BCC759B6860708FB3732D93
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:BBD019131FFE608FF5483328545E882218D4371F1CE73E13CB104B4542981D0A5E81C3F239CA82D6A4830D6740ABE3946FC513ED6CE04D866FE77C3E1C3E0EF9
                                                                                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):510508
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.48483432816535
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:tiRUuRYzoVt+oo04D+Nq26IS0XYvH2oGCD8SS:tFuRYkGaKZ26IS0XY/GY8b
                                                                                                                                                                                                                                                                                                                                                                            MD5:0CD5FA42B74D4FB2C2DFFF6C7CE090AA
                                                                                                                                                                                                                                                                                                                                                                            SHA1:622BD4D0B8877719D4BAB19D76FA7950585A7D3C
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:489A15AAEF942C63469067A159203ADCD05C24A9B255AB65890CC27962741843
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:434A952169353173E6037885F104786CACBA955C2BF9995A47C4355B38ED4451BADC012EB534C0F720273CF3F24AE354E086E7068DAEA12F95302FBF96C0BC60
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):7515903
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.51239386703578
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:49152:mzz0/XLvmYsqKygXQeyCioJfjRTKptzD+g2n/aCUpWEGjbStUySkLJ5uvLv0m6TB:c8rKVkM8/Dl2/aCCWh8SOuveuJo1aGIw
                                                                                                                                                                                                                                                                                                                                                                            MD5:294D7411EB85CC0432BD2ABB82B6BD04
                                                                                                                                                                                                                                                                                                                                                                            SHA1:B86DBF0D661B5086FBB0F8A0EF1D6AE2190AC8D3
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:C1D3F65C69534D6456DC2AB441CD36D898F93E1F9855FB6BC322A128655A0834
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:5459952B57389C9508022A0158DFC822255A24135514A6889794CEA509BD633A81E130300F5B5CC228461EAC271A7F513C16BE924F846F8F57232D5F0D013049
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):627623
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.495051299606807
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:Pg1kMI7/EynLYCENzJ5JkZdQ5pRsNp2pU/rZekupley0Nv:PVVLHGtg65bsN5qpoyC
                                                                                                                                                                                                                                                                                                                                                                            MD5:E257FB284618123044C433917EAEC62C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:721285A74C2A48A28AFBB7F942434D222740F895
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:AA6188BC66A5AFCCA8570FFB9366F84C94A80DB14497ED856578F8DA388AB961
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:663ECA7D8CCA4CB997C40737AC48177EA6A5C812CE80FAA1686B115B7F5F951AFA82CD0E9539330A525B90B69AA249A9E87E564A8A3E9D3C9062F7194B316965
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):979456
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.191150726097543
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:LuZpOi1asmpOKrG826JQGdMsrB7lyOBqFKOHymDG:LuXOlFpOKR26iGHrB7lyOBbcG
                                                                                                                                                                                                                                                                                                                                                                            MD5:75DA8947FB7A8D0EDB96821AD28928FA
                                                                                                                                                                                                                                                                                                                                                                            SHA1:9F74EEE87CFBDE5516EC1DD1AFBBCF506C657DDB
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:7C60417CE8ECDD9D8E6FC395C8FBC47442E152B80A87E5D9AD8E0F500AE63CAD
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:50858B0EB535550C658E1B85336A21DA44C47C4D10B0937AA0D3200E720C7BCF128FB5ABA40BE92A75B3E4FCA6AE7310A866EDEF1D8224875F05BB07B72734C2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):963240
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.63315431748134
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24576:Nj7dDxvo5outISmDa5HSueghSHkCvx44lmWymt+:NnLLSl1/Cp44h+
                                                                                                                                                                                                                                                                                                                                                                            MD5:B70474FE249402E251A94753B742788C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:F53B3C21ADF75DC84977067869253E207F1B9795
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:753AC30C30AAE62415CC225E3D057B8B6254AFE280696E0A43F1A7C3132632A6
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:7776E05FE58CB3C12A4A020DEF9596ECFB6DC1B1F8CA010EC27A8AE027EADF1EEF901ACBAFE042E2F7B31D1920F62CE163342ACF37F96802EC27D68AC7BF972E
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2809
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.303931755177551
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:2wwvjy7frXrRgaOIzfuCcqCEMkhkXpOfuI9QUnFWBmOy69qQ4NQEjTv:xwvu/rSmzmCQx8uIWUF8mO19ByRv
                                                                                                                                                                                                                                                                                                                                                                            MD5:6D1CCE47EFE8A783CA0F004AECD888CF
                                                                                                                                                                                                                                                                                                                                                                            SHA1:3E093171D84B023336A6C7D8ECEC3D720C98B7DC
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:EA57AA6868EA75B7DA55CFA681164A7F0D65AE8E0CD2499740F5847B7E88E207
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:CCFD72498A2B6004FC31727B1030E8292A4F79709F4DB0F1CAD23EEFD6AC2D9A8CB99E4548125EF544B130E125DB147C6B21338B6F6F5521CDB1BE9962EF8AC9
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x35ae27a9, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.7864761226133069
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:1536:DSB2ESB2SSjlK/6vDfi5Wy10MctJ+t9ka4XQ0/Ykr3g16L2UPkLk+kyt4eCu3uZB:Dazaovh7uka4Es2U1RFNp3pvHzrHBHz
                                                                                                                                                                                                                                                                                                                                                                            MD5:0840224064DC5F90A533C721C2C25FBF
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8587601969F6942D8E8DBD6528C82CDF902B5C43
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:20BC74C1B762C1CF722511F8C5B7C83D89BCCDC6047540B549E37EF03C2516A9
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:1D211CEB71D9088BC300832EB660CFAB6735494CB3FDFC81F35CD922E804786E4A7FB99F67D56CD0E451CA4EE78D0B51DD0A64435CA9473971B2F37473B93B01
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):36
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.80827083453526
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:iQhcA6ttI6ugB2QQV:iQMtI6ZB27
                                                                                                                                                                                                                                                                                                                                                                            MD5:BEB9BD597668D8DF841933AB50F0690E
                                                                                                                                                                                                                                                                                                                                                                            SHA1:AE16E6098C8315E136D8F585E0D40BFEF3EBA47D
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:DA7170DB72930DB9463E8309DDAF83A2E0B8A4B70D92FACEF35913456862FDF4
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:37941CA256688CE044EC6B16E87295A8732AB26DBC0F8571665BE64782B1D26983209B636525D0EDDD17896EED8E3D9B1F1A70D3CA13FD04308BCFD59FECD193
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:74525a9e-40f3-4f99-bc1c-64c8fe68755e
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.181872412958581
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:uGELMX/o/q/lcbhbVbTbfbRbObtbyEl7nJr/JA6UnSrDtTEd/S9n:QwvcelcNhnzFSJprmLnSrDhEd/w
                                                                                                                                                                                                                                                                                                                                                                            MD5:9B0C09940E6F3D2B85A2CFB40F60D8D0
                                                                                                                                                                                                                                                                                                                                                                            SHA1:E97BE08F3FF80722FBDF7DB722B5446EAC649203
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:6A1F6CF1F040476BD1A8A8EDB48833CC4F6532BC90C0EFC20F251B3FE57147F7
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:C1F1B4C6CB1A031C6912A122209A362897D058233DA34CB751C81B0926A3D79704B47995510ED7F609EF634F25E9EE83467D2934339672E20DD534FB2CFBE6A7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"type":"uninstall","id":"4f6ab73a-4dc5-4567-8cfe-34f8db084716","creationDate":"2024-12-20T20:14:08.916Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.181872412958581
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:uGELMX/o/q/lcbhbVbTbfbRbObtbyEl7nJr/JA6UnSrDtTEd/S9n:QwvcelcNhnzFSJprmLnSrDhEd/w
                                                                                                                                                                                                                                                                                                                                                                            MD5:9B0C09940E6F3D2B85A2CFB40F60D8D0
                                                                                                                                                                                                                                                                                                                                                                            SHA1:E97BE08F3FF80722FBDF7DB722B5446EAC649203
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:6A1F6CF1F040476BD1A8A8EDB48833CC4F6532BC90C0EFC20F251B3FE57147F7
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:C1F1B4C6CB1A031C6912A122209A362897D058233DA34CB751C81B0926A3D79704B47995510ED7F609EF634F25E9EE83467D2934339672E20DD534FB2CFBE6A7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"type":"uninstall","id":"4f6ab73a-4dc5-4567-8cfe-34f8db084716","creationDate":"2024-12-20T20:14:08.916Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):5444
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0702384881422522
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12:kzlH9g7HdTZ2mHO1DAxMXlXdTZ2mHO8DUdTZ2mHO81dTZ2mHO86CiVulHdTZ2mHb:aCHlZlM1XlZWlZ7lZoCIqHlZ
                                                                                                                                                                                                                                                                                                                                                                            MD5:2032B9DF890FDB14DC0D7FE9A9962CD3
                                                                                                                                                                                                                                                                                                                                                                            SHA1:E25682386D811B2DF5F4B9482E793BA36824E86C
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:3CE58EA212469E16C8061A118A0BD1847A8C9B990AD7596E5561E6A099918CBA
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:CAEDA1819C7EF48D02746A310046EA4FD9F09CD5267376AF63D2E9C03490464EB81CA60FD9AEB2CED0B4A3B3431B0EE2B055CE62E604BA680EA34D3A11ACDDAD
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):6
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):2.2516291673878226
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:7n:7n
                                                                                                                                                                                                                                                                                                                                                                            MD5:B0CC589561BAFF55E47CDF6EE7676B9A
                                                                                                                                                                                                                                                                                                                                                                            SHA1:11C841EB6FE2EFDD8E51372A423CC9D582498F29
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:E38215D7AF2C3FAA9B187D9DE88C9A83B5E417C4DE1FB484FE935FCEA7233F19
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:21DDB31D01C497A7C8A2E570498EE33140748BC43724ED134C171B4D02C5327238E99FCDF3CA4D49BE0EBF75E5562946DE8785C6DE92BE3B2BE614FAED0FDFC4
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:830021
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):358048
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.411650277904684
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:6144:jaczLWEYbeslrZOYnQnp0ysBVf+ZfW6LWAOk/UADttOUPMTZob+KC:2SLWEY8Yep/sTfZ6LWG/2UPMTZobO
                                                                                                                                                                                                                                                                                                                                                                            MD5:8752C01D76BC7B3A38B6ACAF5B9C387B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8C7B2B5FFDF3C46D2E9A5803F3B8AC20533E7778
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:344ABEB71DDCCFDB70786849CCA660982FD2AB099DCD74FD0D608A05139C8DB1
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:5A88DE5BE489088D8108DC45903E5D8368B53109C45646AB14FFE8FFF41D5E3F5D19DC13EE1394DEDB494E36F76824424602C8C65C6227741C952C2FFB7F4A0F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):358048
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.411650277904684
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:6144:jaczLWEYbeslrZOYnQnp0ysBVf+ZfW6LWAOk/UADttOUPMTZob+KC:2SLWEY8Yep/sTfZ6LWG/2UPMTZobO
                                                                                                                                                                                                                                                                                                                                                                            MD5:8752C01D76BC7B3A38B6ACAF5B9C387B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8C7B2B5FFDF3C46D2E9A5803F3B8AC20533E7778
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:344ABEB71DDCCFDB70786849CCA660982FD2AB099DCD74FD0D608A05139C8DB1
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:5A88DE5BE489088D8108DC45903E5D8368B53109C45646AB14FFE8FFF41D5E3F5D19DC13EE1394DEDB494E36F76824424602C8C65C6227741C952C2FFB7F4A0F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d...7...7...7bi.7...7bi.7_..7bi.7...7...6...7...6...7...6...7.|7...7.l7...7...7...7D..6...7D..6...7D..7...7..h7...7D..6...7Rich...7........PE..L.....c\.........."!.....X...................p............................................@.................................X........@..0............\.......P..\=......p...........................0...@............p...............................text....V.......X.................. ..`.rdata..H....p.......\..............@..@.data...H.... ......................@....rsrc...0....@......................@..@.reloc..\=...P...>..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):358048
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.411650277904684
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:6144:jaczLWEYbeslrZOYnQnp0ysBVf+ZfW6LWAOk/UADttOUPMTZob+KC:2SLWEY8Yep/sTfZ6LWG/2UPMTZobO
                                                                                                                                                                                                                                                                                                                                                                            MD5:8752C01D76BC7B3A38B6ACAF5B9C387B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8C7B2B5FFDF3C46D2E9A5803F3B8AC20533E7778
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:344ABEB71DDCCFDB70786849CCA660982FD2AB099DCD74FD0D608A05139C8DB1
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:5A88DE5BE489088D8108DC45903E5D8368B53109C45646AB14FFE8FFF41D5E3F5D19DC13EE1394DEDB494E36F76824424602C8C65C6227741C952C2FFB7F4A0F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d...7...7...7bi.7...7bi.7_..7bi.7...7...6...7...6...7...6...7.|7...7.l7...7...7...7D..6...7D..6...7D..7...7..h7...7D..6...7Rich...7........PE..L.....c\.........."!.....X...................p............................................@.................................X........@..0............\.......P..\=......p...........................0...@............p...............................text....V.......X.................. ..`.rdata..H....p.......\..............@..@.data...H.... ......................@....rsrc...0....@......................@..@.reloc..\=...P...>..................@..B........................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):358048
Entropy (8bit):6.411650277904684
Encrypted:false
SSDEEP:6144:jaczLWEYbeslrZOYnQnp0ysBVf+ZfW6LWAOk/UADttOUPMTZob+KC:2SLWEY8Yep/sTfZ6LWG/2UPMTZobO
                                                                                                                                                                                                                                                                                                                                                                            MD5:8752C01D76BC7B3A38B6ACAF5B9C387B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8C7B2B5FFDF3C46D2E9A5803F3B8AC20533E7778
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:344ABEB71DDCCFDB70786849CCA660982FD2AB099DCD74FD0D608A05139C8DB1
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:5A88DE5BE489088D8108DC45903E5D8368B53109C45646AB14FFE8FFF41D5E3F5D19DC13EE1394DEDB494E36F76824424602C8C65C6227741C952C2FFB7F4A0F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:zlib compressed data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):3268
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.941946680835663
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:9eAv8JtMfu8qSwsSwG0dzYaTdj0XrLZ0NAWMMS:9eAv8gf5+sFzzjEyG0S
                                                                                                                                                                                                                                                                                                                                                                            MD5:A8C6BE03C0670248F2205E69E49857DE
                                                                                                                                                                                                                                                                                                                                                                            SHA1:DD684A31E617B3A64B5FEEB3E050DF2CB5DB94F9
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:44AB035BB6B28428D4CCE3ECA0BCCBE1A2699AF61286AE0B53C362E6A55F2567
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:078CFE3604E04095CB6C95FFE471B87F62C8672A98500C3C9C1F7D4D8A748D54D451C7C664C741E302483CAC14730CEFD1913B9FC01E01279ADE41ED914931B3
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):3268
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.519203673242016
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:KG0Qe6PmBf25AW6IZ4DSlctPW2TasUAQ+yilg9s3ZKMd31YyAbFgvUBI6M0fI:deJB+596IZ1o53zQ+vlNpx5UXY
                                                                                                                                                                                                                                                                                                                                                                            MD5:71A98768DEE25F8683F482067D7D8375
                                                                                                                                                                                                                                                                                                                                                                            SHA1:7F4FB02CA47A130040BF5D6A2EFB4ACB323449E1
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:F02D62F3E4459824126FD0A4466FB352CD2CE6AE27D706DFF884E59FB7BBA076
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:2800B83CBEAFF049C8789EF7A1B12413B3926B74B3E0E6DE53D201D0310D851687356022716C68475B899708AF993EB950E2A4EDA434974902BFAC1ABCB2361F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:zlib compressed data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):3268
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.941946680835663
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:9eAv8JtMfu8qSwsSwG0dzYaTdj0XrLZ0NAWMMS:9eAv8gf5+sFzzjEyG0S
                                                                                                                                                                                                                                                                                                                                                                            MD5:A8C6BE03C0670248F2205E69E49857DE
                                                                                                                                                                                                                                                                                                                                                                            SHA1:DD684A31E617B3A64B5FEEB3E050DF2CB5DB94F9
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:44AB035BB6B28428D4CCE3ECA0BCCBE1A2699AF61286AE0B53C362E6A55F2567
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:078CFE3604E04095CB6C95FFE471B87F62C8672A98500C3C9C1F7D4D8A748D54D451C7C664C741E302483CAC14730CEFD1913B9FC01E01279ADE41ED914931B3
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):3268
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.519203673242016
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:KG0Qe6PmBf25AW6IZ4DSlctPW2TasUAQ+yilg9s3ZKMd31YyAbFgvUBI6M0fI:deJB+596IZ1o53zQ+vlNpx5UXY
                                                                                                                                                                                                                                                                                                                                                                            MD5:71A98768DEE25F8683F482067D7D8375
                                                                                                                                                                                                                                                                                                                                                                            SHA1:7F4FB02CA47A130040BF5D6A2EFB4ACB323449E1
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:F02D62F3E4459824126FD0A4466FB352CD2CE6AE27D706DFF884E59FB7BBA076
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:2800B83CBEAFF049C8789EF7A1B12413B3926B74B3E0E6DE53D201D0310D851687356022716C68475B899708AF993EB950E2A4EDA434974902BFAC1ABCB2361F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):979456
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99981407215512
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:YWrEZ7mKWQIQ9x9Fm9UndCw1ICmQoXf2242kKHBvvJjVOXoZb3Xv8nIaSZWV46Wz:YWgZdIqrcoZ3oXJNHBvvRsYnv7ZKi22
                                                                                                                                                                                                                                                                                                                                                                            MD5:97472DF0A56ECDCC54FB9AEEF358F908
                                                                                                                                                                                                                                                                                                                                                                            SHA1:B331621C557A87D86E34ECB66179FFD97CA5255B
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:A31B0874E2D28CE0E80A8A368E0052927AC1534B1CDF44E7589785DDE88CD418
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:00ED3787F39B05E92AFFE73A6924651B0AF434DD24E6CA9DA37FCE975E7BB678D51AE855A53D733495BB2CD850A1FB84773FA65EFEECAFA60581747FFB8377CD
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):979456
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.189326536854322
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:LuZpOi1asmpOKrG826JQGdMsrB7lyOBqFKTHymDG:LuXOlFpOKR26iGHrB7lyOBbTG
                                                                                                                                                                                                                                                                                                                                                                            MD5:2D12AB39707E5010AB7BFCCBCDA58A13
                                                                                                                                                                                                                                                                                                                                                                            SHA1:CFADFD75F8967F10461B3E4FAA924ED20EF71C8E
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:C5A6838FD2BA3F4CF8D61CBEA25D0DED5B4EDB85C75A0D831DC2180F82322A8B
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:D17C7786243D880A197C11D635A92209525AC5BD5C189E6712E1B9B5071F5525D92E333EA2354EE6A084478D83AB5DDAF4A4AF325953327DDF0ABB0A0608C69D
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):963240
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999818378857415
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24576:JlsP8ivP3ukVToRmAHXY8BOwCqKlNDp4v2cY/BaXb8eRZ:JlsEi3u4oRjI5w+qnYYrl
                                                                                                                                                                                                                                                                                                                                                                            MD5:802A8AD64ED7F785D5567211A86A971B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:159D10F662011F1E5C22F03F24C281EABEB37C57
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:6083695BF20A09AF52267AA1175BA9CBA5ECA02603756D8DB92740AE0AD7BA02
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:3D4923836F9D745881607F5CD9C40E343E1FF1E9930030AE89C0CCF34FAC988FA7488FA96F84F570F887D95555F2BB7842332F1DC76C10A65D75D209F28C0375
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):963240
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.63315431748134
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24576:Nj7dDxvo5outISmDa5HSueghSHkCvx44lmWymt+:NnLLSl1/Cp44h+
                                                                                                                                                                                                                                                                                                                                                                            MD5:B70474FE249402E251A94753B742788C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:F53B3C21ADF75DC84977067869253E207F1B9795
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:753AC30C30AAE62415CC225E3D057B8B6254AFE280696E0A43F1A7C3132632A6
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:7776E05FE58CB3C12A4A020DEF9596ECFB6DC1B1F8CA010EC27A8AE027EADF1EEF901ACBAFE042E2F7B31D1920F62CE163342ACF37F96802EC27D68AC7BF972E
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):31696
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9941297795568245
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:768:/lptOGGRDZCTNXFyPFlY51anUkftyUgBE6AFQyqnIkcQes:dptOV9whCU0yUgBX6boL
                                                                                                                                                                                                                                                                                                                                                                            MD5:D3C713395759D2F8FD6E3004CEE29155
                                                                                                                                                                                                                                                                                                                                                                            SHA1:AD36DB2AE6DAE67F0FAAF9358FE90F01D13B87C7
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:9221000AAAE622E0A7F3B362544BDCBEC7D4360778A3B173CF31407E820723AC
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:97860072DD6D0BEA478FC151EB1950F62D032CE0992F9B15C0476BBCF338F4785FDAE5B3BE22F0FD03A47E8900DA82FB00340A518157EFD72D8097FA5BD2B8AF
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):31696
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.370599355249386
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:384:6mwZVP8p19bExJI7UXw/qLTT6/SwJHuofJ48sTlZwgmXVY7WnBrrWHyHRN7/IFFg:p0Y+nXhTe/LJghT7wguV0ugFFXzg9z64
                                                                                                                                                                                                                                                                                                                                                                            MD5:0BD5E02B3F1A21A37836B531163A03F5
                                                                                                                                                                                                                                                                                                                                                                            SHA1:53E805EDD93DB58DEEA23B87ECA8DD5CF8BEC61F
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:18A6BAB96C2BAC36F67A501A2C4E3E943B694FED8BCC759B6860708FB3732D93
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:BBD019131FFE608FF5483328545E882218D4371F1CE73E13CB104B4542981D0A5E81C3F239CA82D6A4830D6740ABE3946FC513ED6CE04D866FE77C3E1C3E0EF9
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                            MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                            SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                            MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):659616
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.342863781105021
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:EOB4p+q4N8d4l2ms4cTHN+m+gy/vEPYysExtvsIvX71A+2EKZm+GWodEEpvYG:jAtvsIvL2EKZm+GWodEEpvYG
                                                                                                                                                                                                                                                                                                                                                                            MD5:EDEF53778EAAFE476EE523BE5C2AB67F
                                                                                                                                                                                                                                                                                                                                                                            SHA1:58C416508913045F99CDF559F31E71F88626F6DE
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:92FAEDD18A29E1BD2DD27A1D805EA5AA3E73B954A625AF45A74F49D49506D20F
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:7FC931C69ACA6A09924C84F57A4A2BCF506859AB02F622D858E9E13D5917C5D3BDD475BA88F7A7E537BDAE84CA3DF9C3A7C56B2B0CA3C2D463BD7E9B905E2EF8
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):963240
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.633029580984311
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24576:cj7dDxvo5outISmDa5HSueghIHkCvf44lmWymt:cnLLSl1tCX44h
                                                                                                                                                                                                                                                                                                                                                                            MD5:AEB29CCC27E16C4FD223A00189B44524
                                                                                                                                                                                                                                                                                                                                                                            SHA1:45A6671C64F353C79C0060BDAFEA0CEB5AD889BE
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:D28C7AB34842B6149609BD4E6B566DDAB8B891F0D5062480A253EF20A6A2CAAA
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:2EC4D768A07CFA19D7A30CBD1A94D97BA4F296194B9C725CEF8E50A2078E9E593A460E4296E033A05B191DC863ACF6879D50C2242E82FE00054CA1952628E006
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):15168624
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.995103539772992
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:393216:HI1h6RmkxaIpDU/VagbjJxz3bx5zFccBfn:HI4tUV5jjz1F7n
                                                                                                                                                                                                                                                                                                                                                                            MD5:DC3F1EEA3BC9B7AF0E882B062EC3330C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:A765CA6CDEEB25B4F88985D519B3F16B6B075B72
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:37E2D713F284120CD6F794947AF11E59D5ACDC2DC4C3A80D1620C88EBE55F188
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:ECF8312CC8D1B875D7721ABA3EE1A4F9F26D7D59E527C8CEF274B8ED3F8A3D40B1A805E795E72BB6BD62BCA2EDFE515A4FD1CB43B7EA6E305684850685713BC6
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):12908544
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.190464799566411
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:196608:lVm0iCMo/H7SS9veQfysEiYRMK1DAw1Hc:lVmZBo/bSS9mPsMT+l
                                                                                                                                                                                                                                                                                                                                                                            MD5:88118F64D9D469AF9009E5F2A7527E2D
                                                                                                                                                                                                                                                                                                                                                                            SHA1:9D0AD49BFAF898D027E15AF052FD60681B5D4940
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:ACCD651F58DD3F7EAAA06DF051E4C09D2EDAC67BB046A2DCB262AA6DB4291DE7
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:79EEA6E3600348E805C83E17ED02DA9503BDD24E834542954036A48F332CEA93059FF4092A627AA779145404D96136F0DC4482B09988C3288011B20DB1D16813
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):61152
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.262516440480273
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:768:RHnKOJ9rJZhONUrMeJ5shJEHZGTYKaogXLKdSREk672iRPx3:xKK9rVONUwew7EH0zasd8Ek672ixF
                                                                                                                                                                                                                                                                                                                                                                            MD5:7E7A1CA41C9BD33CE50483D575148235
                                                                                                                                                                                                                                                                                                                                                                            SHA1:70E38B6D3C4885B0D08DC0868B733F76287AD0FD
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FEE71869DE9614ED3CEC2A802A725E44E7F7F1EF81D6B71D28F74762B3FF7F39
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:130919A4A7489E7C85965143B74FB9C9C04F1AA1C14D91339B60C38FA0BCEECBC3E3299460EC7C44EF44A8D1C8414354CF9F7F128CDCB8ACFBDED24DC5607C23
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2673
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.99221956466768
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:8rdqTWoj3HcidAKZdA1FehwiZUklqeh3y+3:8wvy8y
                                                                                                                                                                                                                                                                                                                                                                            MD5:9E2FC238A767F155BC479CB46769A040
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5C05FEED9A650D36D7F116D0B040E0E1C3658D9E
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:220C252D9727BBAE84483BBA3789F3A37216E86A2DF0791808A628707489CAF1
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:F5108330949EE3E87D56029A62F4AEB2EF4F7A16767D6379AF7BE7640532F6E14D042C69A32E6308A0C6E696AD63EB7A2443B35E56C3E339B40776A93712D7B2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2675
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.0049645867534
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:8adqTWoj3HcidAKZdA1seh/iZUkAQkqehsy+2:8rvs9Qly
                                                                                                                                                                                                                                                                                                                                                                            MD5:5B1B4CD022C388D4651229C9629D2911
                                                                                                                                                                                                                                                                                                                                                                            SHA1:9EE43B469A134D38FB688C7FEB0DE67F8B9F19E0
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:1C7036C2CD4D57BB32460C7F1E75A5B35CA36F4670B39E15497C338CD3061E57
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DB8C2E078BBE0C23846E416298ABC7E5F019B2CA21476DCB39AD93B43894B7706A7A7AAEBC868C22AB1B19EF8B183E63B18EE23F3CB993CFD1915EAE4C4C8423
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2689
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.017100922820735
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:8ddqTWojAHcidAKZdA14meh7sFiZUkmgqeh7syy+BX:86vxngy
                                                                                                                                                                                                                                                                                                                                                                            MD5:9F0E9955B9378CE4925C2CCB130A6DDE
                                                                                                                                                                                                                                                                                                                                                                            SHA1:236147E61A733DCB2977D2E643246A4EFFA02DE7
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:763833F4E00CC86D2DC29E56D76CEA50EDE038EE54F7DE5651DECB7B62FB15F9
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DBF9204CCD66F2C402DE373FD07D0F2F853450D7B979A4392D90F0B6C905E2A2F7FC8B317529459390BF096BAB4F2A221C2E1188BF4A5CAF59D9C3FDB90AED62
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2677
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.003256447167735
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:8OdqTWoj3HcidAKZdA1TehDiZUkwqeh4y+R:8nvnKy
                                                                                                                                                                                                                                                                                                                                                                            MD5:A69222259F7F5CC46B343F0B4CA8B957
                                                                                                                                                                                                                                                                                                                                                                            SHA1:E9EAF70F07DE52828AC3E69A6F9D4B58168CDA3F
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:F51133FB82A617E269D8CE109E1A424114C5E389950D413719C95CFDF1514818
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:A5CEED78938DDA4CD499C2316D6E336710CB503AEBC1B4044101ED5A31E6015A73996F496BF9987C1F09A38A01C8D27CAA5A68F82A920CA2D07508F086AD14C9
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2677
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9912606037424907
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:8rdqTWoj3HcidAKZdA1dehBiZUk1W1qehmy+C:8wv39Gy
                                                                                                                                                                                                                                                                                                                                                                            MD5:3FFC4A8E69DB5AD54D414BBE9C5383B3
                                                                                                                                                                                                                                                                                                                                                                            SHA1:011390ED1612F5E0AB112A56C415EB113F113A12
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FE5E2E84AA3E53609F42F92A51E9C8CDFDEED48D1A92723A25D88811FD2B1110
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:B698BC3AA3803F95131F09494AF72E7FF30B966697BC0A1A92C23FAAA4A2D69FED57F5DC0C0C51F728039597E79E503CD0F411DE08A913D402D425D69613634F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 18:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2679
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.0013592216064255
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:8NdqTWoj3HcidAKZdA1duTeehOuTbbiZUk5OjqehOuTbgy+yT+:8qv7TfTbxWOvTbgy7T
                                                                                                                                                                                                                                                                                                                                                                            MD5:9C184EBF4CAF61993E7DB6A6C901A663
                                                                                                                                                                                                                                                                                                                                                                            SHA1:6B839A73794A79712700A15B8C880305D25267A4
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:5749F8E52988483E0F7592583CA69015ADFE5D1A6069A7BCBF88806D2A935768
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:94A36EF584A8DFDF5E5A2D51500308F326B374E54366C5ABDC014FE9D703B44C5237C01BF59DB4253AEC9623FCB4DF5F2C9523A9924D9823445C051A30A1D427
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.924932262439104
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNY89Kxeh:8S+OIfPUFuOdwNIOd8jvYR0uLv8U8P
                                                                                                                                                                                                                                                                                                                                                                            MD5:4DC0609D13EDA966700D232E770B2D33
                                                                                                                                                                                                                                                                                                                                                                            SHA1:A224E180B192ECCF4803C2ED9D63BCC549FCE7E9
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:EAB2B6B47C2B20EEB33E1F7EBFC93B539626D3153ABB7ABCE9DEED9C93165DA9
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:F096495259E47DB002CDE7B57B1B41B59DC53EE248208F82058EC9C3A295360626F8737FF7DCF987C779FB0E07D31A364404EBDB2D63FE9DF66B4827962FB3E0
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                            MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                            SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"schema":6,"addons":[]}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.187080624303907
Encrypted:false
SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
MD5:5774E6BEEB8C63A660A4C37E130F7D30
SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                            MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                            SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):13162
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.486860300026641
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:qnGRvo1YYbBp6hDLZwxhaXs6+4CNUv5RuFNBw8dcSl:he2FwxaXuqEwX0
                                                                                                                                                                                                                                                                                                                                                                            MD5:F779E63DD646524EDC2E3D5D56EECBED
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8F48F3B601A99E8665BB434EB4CF11597B8E6B43
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:24ECFEEAB033F2D3C322B5BE92449FB42F8B4A42B9BED6C43F7058B95F157866
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:34C477300EAB39B72889F487047A24888C6573D11EBC34895281D7EA1834CE2CE180AB62DD7F98A0BE2F54298C33CAB9B4133A137A78CFF4DCB9A44D729ABE1C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734725605);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734725605);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734725605);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173472
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):13162
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.486860300026641
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:qnGRvo1YYbBp6hDLZwxhaXs6+4CNUv5RuFNBw8dcSl:he2FwxaXuqEwX0
                                                                                                                                                                                                                                                                                                                                                                            MD5:F779E63DD646524EDC2E3D5D56EECBED
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8F48F3B601A99E8665BB434EB4CF11597B8E6B43
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:24ECFEEAB033F2D3C322B5BE92449FB42F8B4A42B9BED6C43F7058B95F157866
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:34C477300EAB39B72889F487047A24888C6573D11EBC34895281D7EA1834CE2CE180AB62DD7F98A0BE2F54298C33CAB9B4133A137A78CFF4DCB9A44D729ABE1C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734725605);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734725605);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734725605);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173472
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5786 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):1518
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.240015584379154
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24:vYSUGliPWSzUP1RGLXV+PyS62PHYB+mkDT5sQMGULlBpH9Qx2yhw0DCQf9qvAk48:Ap+rGgPFqB+mqGRaxd2ukzT8Gj
                                                                                                                                                                                                                                                                                                                                                                            MD5:0D69DBC4F211CFE1F337028B9A62FA75
                                                                                                                                                                                                                                                                                                                                                                            SHA1:E30FC3F9917D1E19F1CD0672DC44E4C07993F674
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:C54B1BBDA7776FED0CA7C4098363447219694A9EF0B90362A3C349E4D4C76739
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:A0ABD4CDBEBB8F51028AFDB2AB60A4702E992DE56E9C37164A0F7C8EDD7A6AF766C395D4408481D5A1481298C4D6D5389F56D27B8CD38F3E813590784A1C8519
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{ddfe5a59-0468-4f53-ba24-0d69411cec81}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{d32b6426-0baf-4954-b0b9-75d19ecc59ca}\"}}","hasUserInteractA...false,"triggeringP\.....3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1734725641226,"hiddey..searchMode...userContextId|..attribut....{},"index":1,"requestedI..p0,"imag....chrome://branding/cU..nt/icon32.png"..aselect...,"_closedT5.@],"_...C....GroupCount":-1,"busy...r...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem...."minimized","workspace...."544a81f3-86cf-4601-b565-c8cb2ca3983a","z...1...W"..1..............U.1":{..jUpdate...7,"startTim..@5734...recentCrash...0},"global..Dcook.. ho;..."addons.mozilla.org","valu.. 7cO..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41;. pa..p"/","na..`"taarI..bsecure...,"httponly..eexpiry.
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.031774864634348
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:YrSAYypUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyJW:ycydTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                            MD5:DAFDE33759E173212BD70C465BC18170
                                                                                                                                                                                                                                                                                                                                                                            SHA1:247E6985E9EEF91100641ECAB5A7EB0227C77CD6
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:7F159A5ECB97554872C91D4368CC199B89F219442E3ACA8B98522C33131B18C6
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:4629E36A6F32C7ABBDFF07B394ECB01DB6F7304DB6E11776A8BD1584BBF5976D50C559CDAECB0F2E5C3B1E6007BC680E5E744DF2150683B7193E014133A03DF2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-20T20:13:26.844Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {D43C4601-625B-43A4-9F82-1C3DF4A546F5}, Number of Words: 2, Subject: NetFxRepairTools, Author: Microsoft Corporation, Name of Creating Application: Windows Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):27435008
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.991419976562812
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:393216:Fkb/pZMhv6DC3aI880DWcj6L9DPgg/pkfvTRZ1dPT9UFgMw8sKUsfsFOXR:5gCsW5L9D//ifTRUFBMKzfH
                                                                                                                                                                                                                                                                                                                                                                            MD5:AE0E58E79A1585948311E1E5206E2867
                                                                                                                                                                                                                                                                                                                                                                            SHA1:076628EF0522824D83988B1EF0F87A89B3150E5E
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:15AF8C34E25268B79022D3434AA4B823AD9D34F3EFC6A8124ECF0276700ECC39
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:1969311C70E2DDF7AA614550CA83D62DB06E77D8DA7BDC2B939B1CC7A57744EA8C56DE555513C7B61964D8462FA27951F196F91B934C4192F765899ACFE766A8
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):358048
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.411650277904684
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:6144:jaczLWEYbeslrZOYnQnp0ysBVf+ZfW6LWAOk/UADttOUPMTZob+KC:2SLWEY8Yep/sTfZ6LWG/2UPMTZobO
                                                                                                                                                                                                                                                                                                                                                                            MD5:8752C01D76BC7B3A38B6ACAF5B9C387B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8C7B2B5FFDF3C46D2E9A5803F3B8AC20533E7778
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:344ABEB71DDCCFDB70786849CCA660982FD2AB099DCD74FD0D608A05139C8DB1
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:5A88DE5BE489088D8108DC45903E5D8368B53109C45646AB14FFE8FFF41D5E3F5D19DC13EE1394DEDB494E36F76824424602C8C65C6227741C952C2FFB7F4A0F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):2727
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.576560166535896
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:VK8Jp6ZpmzM1uVbxE9JquVDIuVcEuVK7BuVdcP3Jz1OaKuVEaPVIxEXxEXxEuI7X:VK8JpQAM09Ul3qkUoNdLCaPy++vI7G+
                                                                                                                                                                                                                                                                                                                                                                            MD5:F464286E56F2E8128F8A952F3AA5AACC
                                                                                                                                                                                                                                                                                                                                                                            SHA1:673F0533CAEAA87ED37B128A11543CCE60885735
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:283BADA6DD75D750A54009F8A613116C590BA59F37B8A3E27BE57FFA46246629
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:C46BCD74014BC9BD133E59F0B0FB55C59183BB3779A52DEA6E543142235ADA2F3BAF9B9FE873C1EE0EFB365858C6A0268D1FBCFCA3F0C69CFD2E3E54AAE527D7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:...@IXOS.@.....@.p.Y.@.....@.....@.....@.....@.....@......&.{36223E43-53E4-48EA-A1A6-71345F08EA65}..NetFxRepairTools..NetFxRepairTools.msi.@.....@.....@.....@........&.{D43C4601-625B-43A4-9F82-1C3DF4A546F5}.....@.....@.....@.....@.......@.....@.....@.......@......NetFxRepairTools......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{03E4C1DC-B3C4-4C33-B8CE-9B68235CD8F8}?.C:\Program Files (x86)\Microsoft.NET\Repair\NetFxRepairTool.exe.@.......@.....@.....@......&.{57A454BC-939C-4E3A-933D-7BA43563322A}..C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\updateplatform.arm64fre_a765ca6cdeeb25b4f88985d519b3f16b6b075b72.exe.@.......@.....@.....@......&.{9EA2AD88-18CE-4A27-ADC5-28F23834F7E1}R.C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\msvcr120.dll.@.......@.....@.....@......&.{2FE2D98E-4329-4144-9E3E-C085D25335C0}S.C:\U
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.1667061192480397
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12:JSbX72FjyAGiLIlHVRp3h/7777777777777777777777777vDHFyNpKQo6KY1l0G:JUQI5zupKA78F
                                                                                                                                                                                                                                                                                                                                                                            MD5:B1E50B5B81C414D77990049AEBA28EE6
                                                                                                                                                                                                                                                                                                                                                                            SHA1:0051B8A3F9EE7C1B5190EBC5678AB872B1EFF527
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:32B5C4A46C0C53655D6601EB44D1007A0BE74F588F6AC322120676D697FE9ABD
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:7C105D6ADC1F0D52E86E4D21611A7D2662B850B9D4694957A866107949716CEAE18A88BE69B6F2272E13EAF1CD419C3BAB666B367DC91755885AAA6DCE7804AC
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.5683279665843775
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:0h8Ph3uRc06WXJuFT59YnwdhSkdvVAEkrCyuJ1oRdhSkd7T3in0b:fh31FFTEni9eRCsA0
                                                                                                                                                                                                                                                                                                                                                                            MD5:9EDC59E2EB074A0E2A4E210C93998411
                                                                                                                                                                                                                                                                                                                                                                            SHA1:46C40C99B5BFE38AF00144D342E94904E950B20A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FE93445DCA2DD2622334147C6D8630755E5BCE0F2AF08C731897BD890669E98A
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DD42707FD90D7C312EC524FD2478CCB566E9FFD6D4AB1D7AC52574E1B8AEBDCA4AE4B034E14339DE96484F2BE4D2477A2C04B2F2FD6910505598148002228590
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):454234
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.356163074074998
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauy:zTtbmkExhMJCIpEG90D5JG81IIgMb
                                                                                                                                                                                                                                                                                                                                                                            MD5:85EFDE3113A1D651727BF24766695A94
                                                                                                                                                                                                                                                                                                                                                                            SHA1:3E22256C35AC7F1ABEE3DC12D998057A63C5F639
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:B9AF6D423DCB30822CB1D557B992E271D56CFD717C177DD82E95F1989E288130
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:8D22F9F9900322AA9E9742186EB5DBC3F29511164DF61BA31FF4E170D08AF97E02967D553978F6D1E2F775E968BEC1DAA2435A45C9DDF7741BD580C582B7BE3A
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):4926
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.2451160697453543
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:FaqdF78F7B+AAHdKoqKFxcxkFiF7KaqdF7Fv+AAHdKoqKFxcxkFP1:cEOB+AAsoJjykePEd+AAsoJjykX
                                                                                                                                                                                                                                                                                                                                                                            MD5:EC959ABDBBC200567277DF695D8BFBA7
                                                                                                                                                                                                                                                                                                                                                                            SHA1:40B3DA86D0A15752BF7F69B1E7DF288F97496A52
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:3FA9E2C0A98494001DE225427678664ACD65D10BC088EB0FB8135C543C8D666B
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:53FA703908A2ACA5ADEB7C6B88DFE0CFE4DE4FDE3D8BEA6074E7012FA6013D5BB1CE893B0D06FF3D2D4E643F95C898F50EA747ACEE7C2AE5D13BDEFD7ABD5C9A
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):854
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.702056901019614
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt5I:vDZhyoZWM9rU5fFcCI
                                                                                                                                                                                                                                                                                                                                                                            MD5:F7A24B2F5BC8B8D0A96C7B8FB630FF15
                                                                                                                                                                                                                                                                                                                                                                            SHA1:99F1A2D4551A15C477A11704E26B51A42A6B371A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:7C30573BF8BDB75FF17A83D7AB7AAF8BA8468A303024F878C4E6470B5EA09265
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:0E4C211C6F12DF95F97B007F500246FFC77FEA8A31BA04AC5A897C7BCCC5507829D1CB4A06AE25921C8F308395CC8453737A1E35D971280210F8EBD2AF1C31C7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                                                                                                            Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost....127.0.0.1 micrornetworks.com
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:zlib compressed data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):3268
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.941946680835663
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:9eAv8JtMfu8qSwsSwG0dzYaTdj0XrLZ0NAWMMS:9eAv8gf5+sFzzjEyG0S
                                                                                                                                                                                                                                                                                                                                                                            MD5:A8C6BE03C0670248F2205E69E49857DE
                                                                                                                                                                                                                                                                                                                                                                            SHA1:DD684A31E617B3A64B5FEEB3E050DF2CB5DB94F9
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:44AB035BB6B28428D4CCE3ECA0BCCBE1A2699AF61286AE0B53C362E6A55F2567
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:078CFE3604E04095CB6C95FFE471B87F62C8672A98500C3C9C1F7D4D8A748D54D451C7C664C741E302483CAC14730CEFD1913B9FC01E01279ADE41ED914931B3
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):3268
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.519203673242016
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:KG0Qe6PmBf25AW6IZ4DSlctPW2TasUAQ+yilg9s3ZKMd31YyAbFgvUBI6M0fI:deJB+596IZ1o53zQ+vlNpx5UXY
                                                                                                                                                                                                                                                                                                                                                                            MD5:71A98768DEE25F8683F482067D7D8375
                                                                                                                                                                                                                                                                                                                                                                            SHA1:7F4FB02CA47A130040BF5D6A2EFB4ACB323449E1
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:F02D62F3E4459824126FD0A4466FB352CD2CE6AE27D706DFF884E59FB7BBA076
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:2800B83CBEAFF049C8789EF7A1B12413B3926B74B3E0E6DE53D201D0310D851687356022716C68475B899708AF993EB950E2A4EDA434974902BFAC1ABCB2361F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07360789735337692
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO4HHNpKQoHaY75YVky6lYt/:2F0i8n0itFzDHFyNpKQo6KY1
                                                                                                                                                                                                                                                                                                                                                                            MD5:B0CA1CB40224EB546D1F6837E3677449
                                                                                                                                                                                                                                                                                                                                                                            SHA1:221ADEA41F41A865E72A118F0E64615A3B261741
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:DD88C2ED5DF1E033FCD01147301E00A452AA5636239EA37C02942B5A33BCF214
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:1E75DAD001EFF7DCED9685A2DE8FC3217AC2D3D11D7A8529D50FFEB33F3C53FA7C1EE41C8615D19835F1993CA520C909C0DA7AB0AE645C15EE7742BFCF04A814
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2551730085816484
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:a0vuaO+CFXJvT5E4YnwdhSkdvVAEkrCyuJ1oRdhSkd7T3in0b:XvsHTutni9eRCsA0
                                                                                                                                                                                                                                                                                                                                                                            MD5:6B53A6AE0EB5E65E88A82B47A1FC3AF2
                                                                                                                                                                                                                                                                                                                                                                            SHA1:F1193F01DF455ADBABACCEDE1B9EEFE394F19BEF
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:18691638870299D1D7C04D99D0E2E37742CB8C64998D01E31703ED0865688AFA
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:BD313AC3382039403C0BF4F6B74BBB5E4683C6E2BDD6EFF2BAB39175632CD788F47E1764A5A72DD41198B038BBF87C7A5C226CA6BA048AA4DB0C9294AEA8A1D7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2551730085816484
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:a0vuaO+CFXJvT5E4YnwdhSkdvVAEkrCyuJ1oRdhSkd7T3in0b:XvsHTutni9eRCsA0
                                                                                                                                                                                                                                                                                                                                                                            MD5:6B53A6AE0EB5E65E88A82B47A1FC3AF2
                                                                                                                                                                                                                                                                                                                                                                            SHA1:F1193F01DF455ADBABACCEDE1B9EEFE394F19BEF
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:18691638870299D1D7C04D99D0E2E37742CB8C64998D01E31703ED0865688AFA
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:BD313AC3382039403C0BF4F6B74BBB5E4683C6E2BDD6EFF2BAB39175632CD788F47E1764A5A72DD41198B038BBF87C7A5C226CA6BA048AA4DB0C9294AEA8A1D7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.5683279665843775
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:0h8Ph3uRc06WXJuFT59YnwdhSkdvVAEkrCyuJ1oRdhSkd7T3in0b:fh31FFTEni9eRCsA0
                                                                                                                                                                                                                                                                                                                                                                            MD5:9EDC59E2EB074A0E2A4E210C93998411
                                                                                                                                                                                                                                                                                                                                                                            SHA1:46C40C99B5BFE38AF00144D342E94904E950B20A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FE93445DCA2DD2622334147C6D8630755E5BCE0F2AF08C731897BD890669E98A
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DD42707FD90D7C312EC524FD2478CCB566E9FFD6D4AB1D7AC52574E1B8AEBDCA4AE4B034E14339DE96484F2BE4D2477A2C04B2F2FD6910505598148002228590
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):73728
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.13800740801450984
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:6n0bPST4dhSkdWdhSkdvVAEkrCyuJ1oknY:60pW9eRCHn
                                                                                                                                                                                                                                                                                                                                                                            MD5:C2F3147F60F02A25721E2300AD02176C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:E8DF20F066C2644BAE5650C87EAEA4D22D8D1BCA
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:3E56D94759E760BC88BB88FAFC0F88DCD80E54764685D05700DFC71D7262088D
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DD3B8580EFEAB3B4068B87EFDB18E37C9274DFF59F67D0C90D3703820116D32EFD4188F9AD96305B8EA29E9592A32269E753566C1F3A250625224FE3F9EE6FD6
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.5683279665843775
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:0h8Ph3uRc06WXJuFT59YnwdhSkdvVAEkrCyuJ1oRdhSkd7T3in0b:fh31FFTEni9eRCsA0
                                                                                                                                                                                                                                                                                                                                                                            MD5:9EDC59E2EB074A0E2A4E210C93998411
                                                                                                                                                                                                                                                                                                                                                                            SHA1:46C40C99B5BFE38AF00144D342E94904E950B20A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FE93445DCA2DD2622334147C6D8630755E5BCE0F2AF08C731897BD890669E98A
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DD42707FD90D7C312EC524FD2478CCB566E9FFD6D4AB1D7AC52574E1B8AEBDCA4AE4B034E14339DE96484F2BE4D2477A2C04B2F2FD6910505598148002228590
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):1.2551730085816484
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:a0vuaO+CFXJvT5E4YnwdhSkdvVAEkrCyuJ1oRdhSkd7T3in0b:XvsHTutni9eRCsA0
                                                                                                                                                                                                                                                                                                                                                                            MD5:6B53A6AE0EB5E65E88A82B47A1FC3AF2
                                                                                                                                                                                                                                                                                                                                                                            SHA1:F1193F01DF455ADBABACCEDE1B9EEFE394F19BEF
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:18691638870299D1D7C04D99D0E2E37742CB8C64998D01E31703ED0865688AFA
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:BD313AC3382039403C0BF4F6B74BBB5E4683C6E2BDD6EFF2BAB39175632CD788F47E1764A5A72DD41198B038BBF87C7A5C226CA6BA048AA4DB0C9294AEA8A1D7
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (815)
                                                                                                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):820
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.168738863037914
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24:9HYUBvdtYIqX+BBHslgT9lCuABATHcuoB7HHHHHHHYqmffffffo:9HPltYtEKlgZ01BAIuSEqmffffffo
                                                                                                                                                                                                                                                                                                                                                                            MD5:C763A9B8E27F70D5C112A74A01E85574
                                                                                                                                                                                                                                                                                                                                                                            SHA1:6829D99F39985AA113EF44C7CBBBE1D4ACC7C168
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:6FD9707D0C6CEE4BE8286A0E1EFA5AC7B49389A8A6135A59424EB51BEA6D2A5A
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:398E0C2BE9B0FB11B0E03AED07FF539B113CAC12AB8DDA39E0056CCD111F63DBF5FCD8903B64B74CBAF1ED376472A2028B098D00A0FFD0F767EA8AFB0621C39F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                                                                                            Preview:)]}'.["",["kadokawa games","fedex freight spin off","denver broncos playoffs","tiktok banned","one piece chapter 1134 spoilers reddit","samsung galaxy s25 ultra leaks","college football playoff","winter weather holiday travel"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":1690939791495020415,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):114984
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.490474062809529
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:1536:ON+4tY0S2yvGnf4vA6s/RXIGDXO9qJUMKur0K3niBBrltmCw3wnWs/ZuTZVUGkpQ:T2yvefrtJUEgK3Cvw3wWs/ZuTZVLj
                                                                                                                                                                                                                                                                                                                                                                            MD5:B734EC4E355F4C237C89603E3B29221D
                                                                                                                                                                                                                                                                                                                                                                            SHA1:9C9EE259451D0F4720FEF6881ADDFC91BFE56E6D
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:D84AF56B4231D20EE512865103F8DECC3308B17868A97DDDEE355D0F0BF37612
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:4247DADA89A9D44CFF3E1E907B60ADE47296C52B46D9E0D72C1DA758AC6DFCDD742B8CFFBBEFB6E30FE820BDED235580842F36113973FD2387B989E94D3B901E
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):29
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                                                                                            MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                                                                                            SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                                                                                            Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):132723
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4368015476908695
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3072:fUkJQ7O4N5dTm+syHEt4W3XdQ4Q6UuSr/nUW2i6o:fRQ7HTt/sHdQ4Q6UDfUW8o
                                                                                                                                                                                                                                                                                                                                                                            MD5:40D7258B12199615CB5504585A537627
                                                                                                                                                                                                                                                                                                                                                                            SHA1:EDCE3653E172BD53CFA580D0E0D695E72629EBB2
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:6462E2982CE906F96461628C88DE0284DC36106758A2107F3B5E2C4344958E11
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:28199ED174F33E9C1E741ECE042DA46D7C74CF6F965C676306CA4DF80A60B6C5321EDC796F6F4719DC54CFD968820B27C1BCC03989752BD379455600DF5E8DB1
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):175897
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                                                                                                                                            MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                                                                                                                                            SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (5162), with no line terminators
Category:downloaded
Size (bytes):5162
Entropy (8bit):5.3503139230837595
Encrypted:false
SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:7977D5A9F0D7D67DE08DECF635B4B519
SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:false
URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:SVG Scalable Vector Graphics image
Category:downloaded
Size (bytes):1660
Entropy (8bit):4.301517070642596
Encrypted:false
SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:554640F465EB3ED903B543DAE0A1BCAC
SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:false
URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg

Process:C:\Windows\System32\svchost.exe
File Type:GLS_BINARY_LSB_FIRST
Category:dropped
Size (bytes):160
Entropy (8bit):4.438743916256937
Encrypted:false
SSDEEP:3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
MD5:E467C82627F5E1524FDB4415AF19FC73
SHA1:B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
SHA-256:116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
SHA-512:2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
Malicious:false

File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Security: 0, Code page: 1252, Revision Number: {D43C4601-625B-43A4-9F82-1C3DF4A546F5}, Number of Words: 2, Subject: NetFxRepairTools, Author: Microsoft Corporation, Name of Creating Application: Windows Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
Entropy (8bit):7.991419976562812
TrID:
• Windows SDK Setup Transform Script (63028/2) 47.91%
• Microsoft Windows Installer (60509/1) 46.00%
• Generic OLE2 / Multistream Compound File (8008/1) 6.09%
File name:NetFxRepairTools.msi
File size:27'435'008 bytes
MD5:ae0e58e79a1585948311e1e5206e2867
SHA1:076628ef0522824d83988b1ef0f87a89b3150e5e
SHA256:15af8c34e25268b79022d3434aa4b823ad9d34f3efc6a8124ecf0276700ecc39
SHA512:1969311c70e2ddf7aa614550ca83d62db06e77d8da7bdc2b939b1cc7a57744ea8c56de555513c7b61964d8462fa27951f196f91b934c4192f765899acfe766a8
SSDEEP:393216:Fkb/pZMhv6DC3aI880DWcj6L9DPgg/pkfvTRZ1dPT9UFgMw8sKUsfsFOXR:5gCsW5L9D//ifTRUFBMKzfH
TLSH:B2573313B9CE8A3BDA8F9BB01639576904F274607B5790E742D8BD2D09731D186B0F8B
Icon Hash:2d2e3797b32b2b99

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:48.193705082 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:48.193727970 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:48.193773985 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:48.193782091 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:48.193871021 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:48.193903923 CET44349706142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.125113964 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.987930059 CET44349706142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.988137007 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.988677979 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.990689039 CET49703443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.990761042 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.991702080 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.991772890 CET49703443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.991959095 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.992027044 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.992141008 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.992163897 CET44349706142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.992259026 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.992945910 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.992974043 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993109941 CET44349706142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993109941 CET49703443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993185043 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993191957 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993335962 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993406057 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993406057 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993501902 CET44349706142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993501902 CET49703443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993527889 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993731022 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993803024 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993896008 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993912935 CET44349706142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993952990 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.993963003 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.994029045 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.994086027 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.995285034 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.995356083 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.995436907 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:49.995445967 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.034110069 CET49703443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.034111977 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.034214973 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.050076008 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.343641043 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.343746901 CET44349706142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.343801975 CET49706443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.846411943 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.846568108 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.846632004 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.847621918 CET49705443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.847639084 CET44349705142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.858083010 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.858192921 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.858453035 CET49703443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.859184980 CET49703443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.859201908 CET44349703142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.860255957 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.860305071 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.860399008 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:50.860462904 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.343988895 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.344101906 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.354126930 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.364300966 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.364392042 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.364408970 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.374279976 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.374351978 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.374365091 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.374402046 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.374458075 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.384241104 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.392154932 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.392226934 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.392247915 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.400641918 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.400698900 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.400727034 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.409185886 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.409321070 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.409389019 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.409410000 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.409867048 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.417707920 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.426476002 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.426567078 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.426594973 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.435102940 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.435126066 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.435158014 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.435184002 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.435221910 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.442292929 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.468944073 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.469063997 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.469079018 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.469100952 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.469383955 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.480019093 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.481249094 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.481796026 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.481827974 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.481862068 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.481889963 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.481937885 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.484849930 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.487518072 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.487683058 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.487709999 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.490302086 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.490365028 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.490375042 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.494518042 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.494570971 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.494580984 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.496789932 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.496845961 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.496859074 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.499072075 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.499125957 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.499139071 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.501979113 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.502038002 CET49704443192.168.2.16142.250.181.132
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:51.502049923 CET44349704142.250.181.132192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.831593990 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.831600904 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.844002962 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.844059944 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.844068050 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.893105984 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.893115997 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.900764942 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.900820971 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.900829077 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.903187037 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.903253078 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.903259993 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.912058115 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.912090063 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.912120104 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.912127972 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.912166119 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.924741030 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.937382936 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.937458992 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.937469006 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.939414978 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.939477921 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.939483881 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.954090118 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.954140902 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.954152107 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.961770058 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.961827993 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.961836100 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.973557949 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.973623037 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.973630905 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.986370087 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.986579895 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.986588001 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.996474981 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.996526003 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:57.996535063 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.007781029 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.007834911 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.007842064 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.021783113 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.021912098 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.021918058 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.027935982 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.028012991 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.028018951 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.038266897 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.038404942 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.038413048 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.047610998 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.047669888 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.047677994 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.056988001 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.057039976 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.057046890 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.064102888 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.064229012 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.064235926 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.072479963 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.072540998 CET49713443192.168.2.16142.250.181.46
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:05:58.072546005 CET44349713142.250.181.46192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.098332882 CET497241080192.168.2.16154.12.191.39
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.101847887 CET497241080192.168.2.16154.12.191.39
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.221453905 CET108049724154.12.191.39192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.336138964 CET49726443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.336184025 CET4434972635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.336792946 CET49726443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.351918936 CET49726443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.351934910 CET4434972635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.573322058 CET108049724154.12.191.39192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:20.624463081 CET497241080192.168.2.16154.12.191.39
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.143719912 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.143886089 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.143899918 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.143987894 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.143992901 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.145538092 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.145612001 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.314596891 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.314683914 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.314930916 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.329545021 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.329585075 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.329648972 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.329901934 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.329916954 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.371591091 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.371609926 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.440191031 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.580614090 CET4434972635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.586318016 CET49726443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.609843016 CET49726443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.609874964 CET4434972635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.609981060 CET49726443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.610013008 CET4434972635.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.610692978 CET49726443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.659076929 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.659559011 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.659653902 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.659691095 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.659707069 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.659715891 CET49725443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.659722090 CET4434972534.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.663990021 CET497181080192.168.2.16154.12.191.39
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:21.783513069 CET108049718154.12.191.39192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.162970066 CET108049718154.12.191.39192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.216974974 CET497181080192.168.2.16154.12.191.39
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.367877007 CET108049718154.12.191.39192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.417460918 CET497181080192.168.2.16154.12.191.39
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.572350025 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.572520971 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.572540045 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.572640896 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.572645903 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.575562954 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.575979948 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.598169088 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.598267078 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.598485947 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.648597002 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.648618937 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:22.694916010 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:23.034986019 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:23.035079002 CET4434972734.160.111.145192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:23.035150051 CET49727443192.168.2.1634.160.111.145
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.247663021 CET4434973534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.266443014 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.266475916 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.266561031 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.267868996 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.267884016 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.274085999 CET804972834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.274146080 CET4972880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.325319052 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.444930077 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.445023060 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.445178986 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.564913988 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.872231007 CET804973334.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.874547005 CET4973380192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.982124090 CET4434973434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.982217073 CET49734443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.987215042 CET49734443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.987215042 CET49734443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.987226009 CET4434973434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.987479925 CET4434973434.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.987544060 CET49734443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.995448112 CET804973334.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.995507956 CET4973380192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.473176956 CET4434973534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.473272085 CET49735443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.477837086 CET49735443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.477849007 CET4434973534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.478209019 CET4434973534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.481066942 CET49735443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.481115103 CET49735443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.481333971 CET4434973534.160.144.191192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.481400967 CET49735443192.168.2.1634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.518415928 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.518522024 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.523457050 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.523468018 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.523578882 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.523648977 CET4434973634.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.523705959 CET49736443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.523986101 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.524063110 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.524161100 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.525607109 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.525636911 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.531485081 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:29.575544119 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.748023987 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.748104095 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.754259109 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.754282951 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.754378080 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.754529953 CET4434973934.117.188.166192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.754587889 CET49739443192.168.2.1634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:35.243233919 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:35.363003016 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:35.363857985 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:35.364069939 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:35.483654976 CET804974034.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:35.912877083 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.032471895 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.227955103 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.283044100 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.353899002 CET4974080192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.478111982 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.745590925 CET4434974534.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.745672941 CET49745443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.880424023 CET4434974634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.881398916 CET49746443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.885804892 CET49745443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.885818958 CET4434974534.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.886022091 CET4434974534.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.886068106 CET49745443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.886075020 CET4434974534.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.886087894 CET49745443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.890954971 CET4434974734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.891036987 CET49747443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.961016893 CET4434974835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:40.961100101 CET49748443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.098124981 CET49746443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.098136902 CET4434974634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.098762035 CET4434974634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.098823071 CET49746443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.230957985 CET49746443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.230971098 CET4434974634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.233829021 CET49748443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.233844995 CET4434974835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.233895063 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.234853029 CET4434974835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.237550020 CET49747443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.237572908 CET4434974734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.237639904 CET49747443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.238121033 CET4434974734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.238183022 CET49747443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.238243103 CET49748443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.238325119 CET49748443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.238651991 CET4434974835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.238723993 CET49748443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.353657961 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.362495899 CET4434975034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.362585068 CET49750443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.366071939 CET49750443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.366077900 CET4434975034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.366302013 CET4434975034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.368417025 CET4434974934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.368526936 CET49749443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.370878935 CET49749443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.370903015 CET4434974934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.371565104 CET49750443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.371634960 CET49750443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.371694088 CET4434975034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.371751070 CET49750443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.371977091 CET4434974934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.373728037 CET49749443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.373790026 CET49749443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.374135017 CET4434974934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.374209881 CET49749443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.548680067 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:41.591763973 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:42.701042891 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:42.820686102 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:43.016608953 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:43.066848993 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:44.068134069 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:44.187659025 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:44.198966980 CET49751443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:44.199011087 CET4434975134.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:44.199145079 CET49752443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:52.682090044 CET108049724154.12.191.39192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:52.735018969 CET497241080192.168.2.16154.12.191.39
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:52.844547987 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:52.889348984 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.100608110 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.102798939 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.107521057 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.107542038 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.107611895 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.107717037 CET4434975534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.117753983 CET49755443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.757767916 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.759685040 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.762970924 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.763000011 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.763487101 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.763497114 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.763634920 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.768362999 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.768402100 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.768671989 CET4434975634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.768723965 CET49756443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.769345045 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.769364119 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.769406080 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.769622087 CET4434975734.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.769674063 CET49757443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.884460926 CET4434975835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.884541035 CET49758443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.887012005 CET49758443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.887021065 CET4434975835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.887346983 CET4434975835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.889955997 CET49758443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.890042067 CET49758443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.890115023 CET4434975835.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.890171051 CET49758443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.202482939 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.202529907 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.202632904 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.203394890 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.203568935 CET49759443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.203583956 CET4434975934.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.322374105 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.467430115 CET49760443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.467459917 CET44349760151.101.65.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.467528105 CET49760443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.467720032 CET49760443192.168.2.16151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.467739105 CET44349760151.101.65.91192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.521816015 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.575304031 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.982789040 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.983923912 CET49761443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.983998060 CET4434976135.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.984227896 CET49761443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.985702991 CET49761443192.168.2.1635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.985735893 CET4434976135.190.72.216192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.102675915 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.296546936 CET49762443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.296578884 CET4434976235.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.296677113 CET49762443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.298099041 CET49762443192.168.2.1635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.298111916 CET4434976235.201.103.21192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.311759949 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.366133928 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.855489969 CET4434976635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.855751038 CET4434976635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.858854055 CET49764443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.858859062 CET4434976435.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.859266996 CET4434976435.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.863848925 CET49765443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.863975048 CET49765443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.864109039 CET4434976535.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.864164114 CET49765443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.864492893 CET49766443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.864583969 CET49766443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.864681005 CET4434976635.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.864861012 CET49766443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.865216017 CET49764443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.865298033 CET49764443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.865730047 CET4434976435.244.181.201192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.867383003 CET49764443192.168.2.1635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.981965065 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.101571083 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.297017097 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.342853069 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.900018930 CET4434976734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.900114059 CET49767443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.903418064 CET49767443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.903424025 CET4434976734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.903742075 CET4434976734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.906280041 CET49767443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.906399012 CET49767443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.906440973 CET4434976734.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.906492949 CET49767443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.906847954 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.906938076 CET4434976834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.907048941 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.907177925 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.907197952 CET4434976834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:08.991343021 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:09.110974073 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:09.307339907 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:09.364593983 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:09.650501013 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:09.770127058 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:09.965112925 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.010852098 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.125495911 CET4434976834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.125607967 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.128753901 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.128784895 CET4434976834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.129129887 CET4434976834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.131419897 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.131498098 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.131633043 CET4434976834.149.100.209192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.131692886 CET49768443192.168.2.1634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.246964931 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.366590023 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.563271999 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:10.614224911 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:12.977618933 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:13.097409964 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:13.293165922 CET804974134.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:13.334547043 CET4974180192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:13.989149094 CET4973880192.168.2.1634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:14.109167099 CET804973834.107.221.82192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:14.130513906 CET49771443192.168.2.1634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:14.130544901 CET4434977134.107.243.93192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.460009098 CET49777443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.461184025 CET4434977534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.461253881 CET49775443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.461422920 CET49776443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.461456060 CET4434977634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.461690903 CET4434977634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.463745117 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.463757038 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.463946104 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.464035988 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.464200020 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.466794014 CET49777443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.466803074 CET4434977734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.467145920 CET4434977734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.469125032 CET49775443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.469146967 CET4434977534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.469532967 CET4434977534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.471435070 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.471462011 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.471723080 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.477500916 CET49773443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.477674961 CET49773443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.477780104 CET4434977334.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.478677034 CET49776443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.478708029 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.478826046 CET49773443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.478902102 CET4434977634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.479060888 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.479408026 CET49776443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.479477882 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.479613066 CET49774443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.479644060 CET4434977434.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.479688883 CET49776443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.479705095 CET4434977634.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.480643034 CET49777443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.480652094 CET49775443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.480890989 CET49775443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.480967999 CET49777443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481071949 CET4434977734.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481195927 CET4434977534.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481231928 CET49779443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481264114 CET4434977934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481419086 CET49777443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481453896 CET49779443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481460094 CET49775443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481803894 CET49780443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.481834888 CET4434978034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.482072115 CET49779443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.482089996 CET4434977934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.482702971 CET49780443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.482821941 CET49780443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.482839108 CET4434978034.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.482968092 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.483052015 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.483158112 CET4434977834.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:32.483473063 CET49778443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.784631968 CET4434977934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.784712076 CET49779443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.791867971 CET49779443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.791877031 CET4434977934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.792217970 CET4434977934.120.208.123192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.795325041 CET49779443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.795401096 CET49779443192.168.2.1634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.795526028 CET4434977934.120.208.123192.168.2.16
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.723344088 CET53556811.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.725630999 CET5343253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.784636021 CET6403053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.832360029 CET53545221.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.833277941 CET6253753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.868387938 CET5625353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.869427919 CET53534321.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.870373964 CET6054753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET53625371.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.971307039 CET6551353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.982242107 CET53640301.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.983007908 CET5057653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.011651993 CET53562531.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.011890888 CET53605471.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.012522936 CET5784353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.108660936 CET53655131.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.109462023 CET5334753192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.119832993 CET53505761.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.120546103 CET5836153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.149557114 CET53578431.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.150276899 CET5937953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.248445988 CET53533471.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.249262094 CET5515153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.261696100 CET53583611.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.262757063 CET5289153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.289591074 CET53593791.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.290313005 CET5571253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.400616884 CET53528911.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.401335955 CET6213653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.427200079 CET53557121.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.431480885 CET6325153192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.462739944 CET53551511.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.463618994 CET5003553192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.475996971 CET5741853192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.506736040 CET6331953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.507210016 CET5512653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.539412975 CET53621361.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.540534973 CET5154653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.568985939 CET53632511.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.569605112 CET5032653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.570833921 CET6341953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.612931967 CET53574181.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.643268108 CET53633191.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.679768085 CET53515461.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.680721045 CET6377253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.682760000 CET53500351.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.683757067 CET5619953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.706746101 CET53503261.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.821649075 CET53637721.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.823038101 CET53634191.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.823806047 CET5289353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.824023008 CET5636953192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.916075945 CET53561991.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.916865110 CET5535353192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.961641073 CET53563691.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.962788105 CET5295053192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.963105917 CET53528931.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.054626942 CET53553531.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.102859974 CET53529501.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:30.725475073 CET53540491.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.351561069 CET6044253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.922431946 CET53608761.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.654586077 CET5906653192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.791397095 CET53590661.1.1.1192.168.2.16
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.799532890 CET6263253192.168.2.161.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.936645985 CET53626321.1.1.1192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.463618994 CET192.168.2.161.1.1.10x28cStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.475996971 CET192.168.2.161.1.1.10x317fStandard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.506736040 CET192.168.2.161.1.1.10xd2e2Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.507210016 CET192.168.2.161.1.1.10x8245Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.540534973 CET192.168.2.161.1.1.10xfbe7Standard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.569605112 CET192.168.2.161.1.1.10x3aafStandard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.570833921 CET192.168.2.161.1.1.10xdc65Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.680721045 CET192.168.2.161.1.1.10x9910Standard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.683757067 CET192.168.2.161.1.1.10xc9aeStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.823806047 CET192.168.2.161.1.1.10x253aStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.824023008 CET192.168.2.161.1.1.10xe59bStandard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.916865110 CET192.168.2.161.1.1.10xb24dStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.962788105 CET192.168.2.161.1.1.10xd6ceStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.351561069 CET192.168.2.161.1.1.10x15dfStandard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.654586077 CET192.168.2.161.1.1.10xe5bdStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.799532890 CET192.168.2.161.1.1.10x31d7Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.937388897 CET192.168.2.161.1.1.10x9ea4Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:39.504997969 CET192.168.2.161.1.1.10x35b5Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:39.647111893 CET192.168.2.161.1.1.10xc6b6Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:39.788166046 CET192.168.2.161.1.1.10x3b17Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:51.823620081 CET192.168.2.161.1.1.10x4574Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:52.526746988 CET192.168.2.161.1.1.10xffceStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:53.010224104 CET192.168.2.161.1.1.10x70bdStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.202620029 CET192.168.2.161.1.1.10xb6dStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.326457024 CET192.168.2.161.1.1.10xa8e0Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.467556953 CET192.168.2.161.1.1.10x279aStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.609911919 CET192.168.2.161.1.1.10xbbecStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:01.984668016 CET192.168.2.161.1.1.10xc68dStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.296957970 CET192.168.2.161.1.1.10xfcf0Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:02.510144949 CET192.168.2.161.1.1.10x1b44Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:06.065938950 CET192.168.2.161.1.1.10x2d61Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:06.632436037 CET192.168.2.161.1.1.10x1e4eStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:07.982199907 CET192.168.2.161.1.1.10x92f1Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:13.991452932 CET192.168.2.161.1.1.10x77b9Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:14.130723953 CET192.168.2.161.1.1.10x6613Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:31.231713057 CET192.168.2.161.1.1.10x550bStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:33.313004017 CET192.168.2.161.1.1.10xe0b7Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:08:00.398905039 CET192.168.2.161.1.1.10xb9fbStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.832360029 CET1.1.1.1192.168.2.160x62efNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.832360029 CET1.1.1.1192.168.2.160x62efNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.832360029 CET1.1.1.1192.168.2.160x62efNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.832360029 CET1.1.1.1192.168.2.160x62efNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.832360029 CET1.1.1.1192.168.2.160x62efNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.869427919 CET1.1.1.1192.168.2.160xe475No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.869427919 CET1.1.1.1192.168.2.160xe475No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.970570087 CET1.1.1.1192.168.2.160x1973No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.982242107 CET1.1.1.1192.168.2.160x8efbNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:26.982242107 CET1.1.1.1192.168.2.160x8efbNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.011651993 CET1.1.1.1192.168.2.160xdf53No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.011651993 CET1.1.1.1192.168.2.160xdf53No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.011651993 CET1.1.1.1192.168.2.160xdf53No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.011890888 CET1.1.1.1192.168.2.160x2eb5No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.108660936 CET1.1.1.1192.168.2.160xa938No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.108660936 CET1.1.1.1192.168.2.160xa938No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.108660936 CET1.1.1.1192.168.2.160xa938No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.108660936 CET1.1.1.1192.168.2.160xa938No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.119832993 CET1.1.1.1192.168.2.160x8e8fNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.149557114 CET1.1.1.1192.168.2.160xb10No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.248445988 CET1.1.1.1192.168.2.160x4dd2No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.248445988 CET1.1.1.1192.168.2.160x4dd2No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.248445988 CET1.1.1.1192.168.2.160x4dd2No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.248445988 CET1.1.1.1192.168.2.160x4dd2No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.248445988 CET1.1.1.1192.168.2.160x4dd2No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.261696100 CET1.1.1.1192.168.2.160xe7c0No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.289591074 CET1.1.1.1192.168.2.160x91aNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.400616884 CET1.1.1.1192.168.2.160x615eNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.427200079 CET1.1.1.1192.168.2.160x98c7No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.462739944 CET1.1.1.1192.168.2.160x2986No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.462739944 CET1.1.1.1192.168.2.160x2986No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.462739944 CET1.1.1.1192.168.2.160x2986No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.462739944 CET1.1.1.1192.168.2.160x2986No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.612931967 CET1.1.1.1192.168.2.160x317fNo error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.643268108 CET1.1.1.1192.168.2.160xd2e2No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.643268108 CET1.1.1.1192.168.2.160xd2e2No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.645663023 CET1.1.1.1192.168.2.160x8245No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.645663023 CET1.1.1.1192.168.2.160x8245No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.679768085 CET1.1.1.1192.168.2.160xfbe7No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.706746101 CET1.1.1.1192.168.2.160x3aafNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.706746101 CET1.1.1.1192.168.2.160x3aafNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.823038101 CET1.1.1.1192.168.2.160xdc65No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.916075945 CET1.1.1.1192.168.2.160xc9aeNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.961641073 CET1.1.1.1192.168.2.160xe59bNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:28.054626942 CET1.1.1.1192.168.2.160xb24dNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:36.574372053 CET1.1.1.1192.168.2.160x15dfNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:37.791397095 CET1.1.1.1192.168.2.160xe5bdNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
• www.google.com
• apis.google.com
• play.google.com
• ifconfig.me
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49728 | 34.107.221.82 | 80 | 7488 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 20:06:25.842931032 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:06:26.967705011 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 31852
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                            1192.168.2.164973334.107.221.82807488C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:06:27.767483950 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
Dec 20, 2024 20:06:28.872231007 CET  216  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 64680
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
2  192.168.2.16  49738  34.107.221.82  80  7488  C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp  Bytes transferred  Direction  Data
Dec 20, 2024 20:06:28.445178986 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
Dec 20, 2024 20:06:29.531485081 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 32224
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:06:35.912877083 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
Dec 20, 2024 20:06:36.227955103 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 32231
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:06:39.652813911 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
Dec 20, 2024 20:06:39.969014883 CET  298  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 32234
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:06:40.111463070 CET  303  OUT  GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:06:40.426673889 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32235
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:06:42.701042891 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:06:43.016608953 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32237
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:06:44.244168997 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:06:44.558960915 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32239
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:06:51.817327023 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:06:52.158802986 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32246
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:07:01.202632904 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:07:01.521816015 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32256
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:07:06.630917072 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:07:06.945625067 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32261
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:07:08.991343021 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:07:09.307339907 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32264
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:07:10.246964931 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:07:10.563271999 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32265
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:13.989149094 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
Dec 20, 2024 20:07:14.312388897 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32269
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:07:24.323584080 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 20:07:25.908951044 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:07:26.223793983 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32281
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:07:33.880623102 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 20:07:34.215485096 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 32289
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 20:07:44.230411053 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 20:07:54.358103991 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 20:08:04.486150980 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 20:08:14.620196104 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49740 | 34.107.221.82 | 80 | 7488 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 20:06:35.364069939 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:06:36.456358910 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 64688
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.16 | 49741 | 34.107.221.82 | 80 | 7488 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 20:06:36.480886936 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:06:37.571508884 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29212
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:06:39.992605925 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:06:40.308274031 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29215
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:06:41.233895063 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:06:41.548680067 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29216
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:06:44.068134069 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:06:44.382775068 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29219
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:06:44.682508945 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:06:44.997118950 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29219
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:06:52.529112101 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:06:52.844547987 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29227
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:07:01.982789040 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:07:02.311759949 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29237
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:07:07.981965065 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:07:08.297017097 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29243
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:07:09.650501013 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:07:09.965112925 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 29244
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:12.977618933 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:13.293165922 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 29248
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:14.410146952 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:14.726228952 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 29249
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:24.744240999 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:26.673851013 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:26.991184950 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 10:59:45 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 29261
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 20, 2024 20:07:34.222280979 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 20:07:34.537334919 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:59:45 GMT
Age: 29269
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 20:07:44.544356108 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 20:07:54.674101114 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 20:08:04.797255993 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 20:08:14.930186987 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49703 | 142.250.181.132 | 443 | 980 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:05:49 UTC | 627 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-20 19:05:50 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Fri, 20 Dec 2024 19:05:50 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-DqCVGQC0ndOHfMMq0Q7EdA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-20 19:05:50 UTC | 124 | IN
Data Ascii: 334)]}'["",["kadokawa games","fedex freight spin off","denver broncos playoffs","tiktok banned","one piece chapter 1134 s
2024-12-20 19:05:50 UTC | 703 | IN
Data Ascii: poilers reddit","samsung galaxy s25 ultra leaks","college football playoff","winter weather holiday travel"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","googl
2024-12-20 19:05:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49706 | 142.250.181.132 | 443 | 980 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:05:49 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.16 | 49704 | 142.250.181.132 | 443 | 980 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:05:49 UTC | 530 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-20 19:05:50 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Fri, 20 Dec 2024 19:05:50 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49705 | 142.250.181.132 | 443 | 980 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:05:49 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-12-20 19:05:50 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Version: 705503573
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 19:05:50 GMT
                                                                                                                                                                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
2024-12-20 19:05:50 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-20 19:05:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.16 | 49713 | 142.250.181.46 | 443 | 980 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:05:56 UTC | 729 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: apis.google.com
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
2024-12-20 19:05:57 UTC | 916 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                                                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                                                                                                                                                                                            Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 117446
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 19 Dec 2024 04:11:06 GMT
Expires: Fri, 19 Dec 2025 04:11:06 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 140091
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.16 | 49715 | 142.250.181.142 | 443 | 980 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:05:58 UTC | 722 | OUT | POST /log?format=json&hasfast=true HTTP/1.1
Host: play.google.com
Connection: keep-alive
Content-Length: 905
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: */*
Origin: chrome-untrusted://new-tab-page
X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-20 19:05:59 UTC | 942 | IN | HTTP/1.1 200 OK
Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Playlog-Web
Set-Cookie: NID=520=j5ge89C_R1Hf7Ou1CaHr20wZBXm6B2g84SWw2OL2C0bNz5gL9eTYF5cctkIojJ5sQIzxOjRykxUPPHyCuCbUNODaMP7lgpZ2t23rJWwG-fnEhl9sf5RArTZ3fxqzHLgCavXIWS8CAgszbV5VJ30GWuHEgxgoFLnH7doedaPOGnNvV8Nak592-xp-; expires=Sat, 21-Jun-2025 19:05:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 19:05:58 GMT
                                                                                                                                                                                                                                                                                                                                                                            Server: Playlog
                                                                                                                                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                            Expires: Fri, 20 Dec 2024 19:05:58 GMT
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
2024-12-20 19:05:59 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-20 19:05:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.16 | 49717 | 142.250.181.142 | 443 | 980 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:06:03 UTC | 924 | OUT | POST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: play.google.com
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 911
                                                                                                                                                                                                                                                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                            X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                                                                            Cookie: NID=520=j5ge89C_R1Hf7Ou1CaHr20wZBXm6B2g84SWw2OL2C0bNz5gL9eTYF5cctkIojJ5sQIzxOjRykxUPPHyCuCbUNODaMP7lgpZ2t23rJWwG-fnEhl9sf5RArTZ3fxqzHLgCavXIWS8CAgszbV5VJ30GWuHEgxgoFLnH7doedaPOGnNvV8Nak592-xp-
2024-12-20 19:06:03 UTC | 911 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1734721559314",null,null,null,
2024-12-20 19:06:04 UTC | 950 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                                                                            Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                                                                                                                                                            Set-Cookie: NID=520=gIEoGe-PGas3lBRv2uh4YOYvbrmm515GnLWPi3u2llML8XEQWXx6l55kivMsigT4F6QVd5ACdRNk8Uf1m6DKs6KpRHHmuBraRwGj8vzglsjlBQasth1y1R-Eqn6rrycVKaw1mLel_Ea2vePWmxwyepFo80UwEJ1UN8-RBzJAJtQNOCXpfg-I4mgEdA7XWYFq; expires=Sat, 21-Jun-2025 19:06:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                            Date: Fri, 20 Dec 2024 19:06:03 GMT
                                                                                                                                                                                                                                                                                                                                                                            Server: Playlog
                                                                                                                                                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                            Expires: Fri, 20 Dec 2024 19:06:03 GMT
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: private
                                                                                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
2024-12-20 19:06:04 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-20 19:06:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.16 | 49725 | 34.160.111.145 | 443 | 4696 | C:\Windows\System32\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:06:21 UTC | 94 | OUT | GET /ip HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: ifconfig.me
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Go-http-client/1.1
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                            2024-12-20 19:06:21 UTC227INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            date: Fri, 20 Dec 2024 19:06:20 GMT
                                                                                                                                                                                                                                                                                                                                                                            content-type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 12
                                                                                                                                                                                                                                                                                                                                                                            access-control-allow-origin: *
                                                                                                                                                                                                                                                                                                                                                                            via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                                                                                                                            2024-12-20 19:06:21 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.16 | 49727 | 34.160.111.145 | 443 | 7660 | C:\Windows\System32\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 19:06:22 UTC | 94 | OUT | GET /ip HTTP/1.1
Host: ifconfig.me
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
2024-12-20 19:06:23 UTC | 227 | IN | HTTP/1.1 200 OK
date: Fri, 20 Dec 2024 19:06:22 GMT
content-type: text/plain
Content-Length: 12
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-20 19:06:23 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189



                                                                                                                                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:05:37
                                                                                                                                                                                                                                                                                                                                                                            Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\NetFxRepairTools.msi"
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7038e0000
                                                                                                                                                                                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:05:37
                                                                                                                                                                                                                                                                                                                                                                            Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7038e0000
                                                                                                                                                                                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:05:37
                                                                                                                                                                                                                                                                                                                                                                            Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 74DBC12C47BBA93F00B18D929CC9320B C
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x330000
                                                                                                                                                                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:05:39
Start date:20/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff62c440000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:5
Start time:14:05:46
Start date:20/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe"
Imagebase:0x7ff7f9810000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:6
Start time:14:05:46
Start date:20/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
Imagebase:0x7ff62c440000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:14:05:46
Start date:20/12/2024
Path:C:\Windows\System32\SgrmBroker.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\SgrmBroker.exe
Imagebase:0x7ff7648e0000
File size:329'504 bytes
MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:8
Start time:14:05:46
Start date:20/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2004,i,5525789345313659739,3958555170584979043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff7f9810000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:14:05:46
Start date:20/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Imagebase:0x7ff62c440000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:10
Start time:14:05:47
Start date:20/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Imagebase:0x7ff62c440000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:11
Start time:14:05:47
Start date:20/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Imagebase:0x7ff62c440000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:14
Start time:14:05:57
Start date:20/12/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 51EA4663DED3D36C59DE5090ACBE1A6A
Imagebase:0x330000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:14:06:00
Start date:20/12/2024
Path:C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\Microsoft\InputMethod\Chs\OnlineRoaming\x64dbg.exe"
Imagebase:0x7ff786e50000
File size:61'152 bytes
MD5 hash:7E7A1CA41C9BD33CE50483D575148235
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:16
Start time:14:06:01
Start date:20/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c mkdir C:\Users\Public\Documents\78E3D2D7\
Imagebase:0x7ff6fd780000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:14:06:01
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:14:06:01
Start date:20/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c mkdir C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\
Imagebase:0x7ff6fd780000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:14:06:01
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6684c0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:14:06:08
Start date:20/12/2024
Path:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
Wow64 process (32bit):false
Commandline:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
Imagebase:0x7ff6414a0000
File size:31'696 bytes
MD5 hash:0BD5E02B3F1A21A37836B531163A03F5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000014.00000002.1500325866.000001D6789F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000014.00000002.1500325866.000001D6789F0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:24
Start time:14:06:09
Start date:20/12/2024
Path:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
Wow64 process (32bit):false
Commandline:"C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe"
Imagebase:0x7ff6414a0000
File size:31'696 bytes
MD5 hash:0BD5E02B3F1A21A37836B531163A03F5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:14:06:10
Start date:20/12/2024
Path:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe
Wow64 process (32bit):false
Commandline:C:\ProgramData\Microsoft\DeviceSync\Device\Stage\Data\DevQueryBroker\DevQueryBroker.exe -svc
Imagebase:0x7ff6414a0000
File size:31'696 bytes
MD5 hash:0BD5E02B3F1A21A37836B531163A03F5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:14:06:10
Start date:20/12/2024
Path:C:\Windows\System32\spoolsv.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\spoolsv.exe
Imagebase:0x7ff719eb0000
File size:842'752 bytes
MD5 hash:0D4B1E3E4488E9BDC035F23E1F4FE22F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:27
Start time:14:06:14
Start date:20/12/2024
Path:C:\Windows\System32\dllhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\dllhost.exe
Imagebase:0x7ff6e9610000
File size:21'312 bytes
MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Go lang
Yara matches:
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001B.00000002.2739528928.000001B6BFEB8000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Invoke_Mimikatz, Description: Detects Invoke-Mimikatz String, Source: 0000001B.00000002.2739528928.000001B6BFF28000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001B.00000002.2739528928.000001B6BFECB000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001B.00000002.2442289903.0000000140623000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Invoke_Mimikatz, Description: Detects Invoke-Mimikatz String, Source: 0000001B.00000002.2442289903.0000000140623000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001B.00000002.2739528928.000001B6C02A2000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001B.00000002.2680115867.000000C000161000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001B.00000002.2739528928.000001B6BFD8D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001B.00000002.2739528928.000001B6BF8A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:28
Start time:14:06:16
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:14:06:16
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe"
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:14:06:17
Start date:20/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe
Imagebase:0x7ff62c440000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Go lang
Yara matches:
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001E.00000002.2677313204.000000C00000F000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001E.00000002.2442293644.00000001404EE000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001E.00000002.2442293644.0000000140234000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 0000001E.00000002.2677313204.000000C000236000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:31
Start time:14:06:17
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c29272-6054-4f1c-9b1f-da39f589753f} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f5b26d910 socket
Imagebase:0x7ff7916a0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:06:19
                                                                                                                                                                                                                                                                                                                                                                            Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3804 -parentBuildID 20230927232528 -prefsHandle 2952 -prefMapHandle 3800 -prefsLen 25402 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96d1e68a-4ba2-43e6-96ba-4f30bec53afc} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f5b241410 rdd
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:06:38
                                                                                                                                                                                                                                                                                                                                                                            Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5144 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5100 -prefMapHandle 5132 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb2d306b-13c2-47c1-93ff-384e016ef4a7} 7488 "\\.\pipe\gecko-crash-server-pipe.7488" 17f78090f10 utility
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7916a0000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:06:48
                                                                                                                                                                                                                                                                                                                                                                            Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff70e930000
                                                                                                                                                                                                                                                                                                                                                                            File size:468'120 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                                                                                                                                                                                            Start time:14:06:48
                                                                                                                                                                                                                                                                                                                                                                            Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct$LockitLockit::_std::_
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $0123456789-
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2779734142-700845222
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7c2b7fcb762ee22fd038d01571557526ae6a4d5a68ff2ca7e59a80bf13ab56c2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 43e39fb0de20d7fbfd9b59c346e53610201d7ec8c3be7cc6d37f02db0d0a75fb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c2b7fcb762ee22fd038d01571557526ae6a4d5a68ff2ca7e59a80bf13ab56c2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60A289A2A1868285EB348F65D8502FD37E0FB45BE8F545036DE4E1BB95CF38E881E311
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct$LockitLockit::_std::_
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $0123456789-
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2779734142-700845222
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct$LockitLockit::_std::_
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $0123456789-
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2779734142-700845222
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct$LockitLockit::_std::_$memmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1736386315-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct$LockitLockit::_std::_$memmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1736386315-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 586c8fbf07ac39ed69593d2fad2b907493782b3345e97b001d581fd4c93754a6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0452a6c54d7f1ec5b415965ea17dd46d160a08b48d5acb4a83cf5cc6d00068b8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 586c8fbf07ac39ed69593d2fad2b907493782b3345e97b001d581fd4c93754a6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B32C462A18A9186EB718F25CC452FC73E1FB447A8F545131EA8D17B99EF3CE580D302
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct$LockitLockit::_std::_$memmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1736386315-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 66def096bfc488b74d25ab9f11cb17708ba3fb1f2236472d1a2e9a450be46d11
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0ed86d2ca0b337934f418e2aac009a5a6b6e8e20fbc8a112462157acbb4fef09
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66def096bfc488b74d25ab9f11cb17708ba3fb1f2236472d1a2e9a450be46d11
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4932AF62A09BC589EB308F29CC402EC37A1FB95BD8F548132DA4D17B99DF39D685D341
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@LockitLockit::_std::_$Mpunctlocaleconv
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1570016520-3606100449
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 92789d996b39726eadccf66249093454cfd711aeb9610c88f0c7e25b4dc2cd18
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c0235ef57a4c4b4e001a61d88f990768159c402a4346c0cf7d86d8df08a7f3b5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92789d996b39726eadccf66249093454cfd711aeb9610c88f0c7e25b4dc2cd18
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45927C22A0868286EB748F25C95027E37E1FF41BA4F548035DE5E17796CF3DE896E312
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@LockitLockit::_std::_$Mpunctlocaleconv
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1570016520-3606100449
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e17f6bc3652ff12376be1083eeead7d75fa7f2e4bed125bd8f798c5f046a4fcb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a7518a23a0d63362931f9d1d1b56014c0877ab40cb3409bdbaf0965baa74f34d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e17f6bc3652ff12376be1083eeead7d75fa7f2e4bed125bd8f798c5f046a4fcb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51929E22A0C68285EBB48F56895027E37E1FF82BA4F548035DE5E27795CF3DE856E310
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: ??3@LockitLockit::_std::_$Mpunctlocaleconv
• String ID: 0123456789ABCDEFabcdef-+XxPp
• API String ID: 1570016520-3606100449
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: Mpunct
• String ID: 0123456789-+Ee
• API String ID: 4240859931-1347306980
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: Mpunct
• String ID: 0123456789-+Ee
• API String ID: 4240859931-1347306980
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: Mpunct
• String ID: 0123456789-+Ee
• API String ID: 4240859931-1347306980
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Findwcslen$??3@CloseFileFirstwcscpy_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4043372141-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@LockitLockit::_std::_$Mpunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1448460363-2799312399
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@LockitLockit::_std::_$Mpunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1448460363-2799312399
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@LockitLockit::_std::_$Mpunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1448460363-2799312399
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: wcslen$??3@DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 430813860-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 20592206-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$Mpunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 20592206-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: InfoLocale___lc_locale_name_func__crt
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2625200093-0
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: LockitLockit::_std::_
• String ID:
• API String ID: 3382485803-0
Similarity
• API ID: LockitLockit::_std::_
• String ID:
• API String ID: 3382485803-0
Similarity
• API ID: LockitLockit::_std::_
• String ID:
• API String ID: 3382485803-0
Similarity
• API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
• String ID: acquire_ref is not supported on _AnonymousOriginator$consume is not supported on _AnonymousOriginator$link_target is not supported on _AnonymousOriginator$release is not supported on _AnonymousOriginator$release_ref is not supported on _AnonymousOriginator$reserve is not supported on _AnonymousOriginator
• API String ID: 1760184552-3035609047
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e1d592e842e08a298711733f17c903a36762e107fbc2048054d68199f80efbb2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e3412a500076ff3bcd7b54c52958893ab6909d18b80ad203866a9989b6c944ae
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1d592e842e08a298711733f17c903a36762e107fbc2048054d68199f80efbb2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E821F1A1A1C98BA1EE30DF24EC540A873B1FF54368F905031D14E47574EE2CE64EE741
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionThrow$??0exception@std@@$Concurrency@@$??0operation_timed_out@?set@event@?wait@event@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PMessage$_PSource
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 611380787-3961265847
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: aca4964b4e383a8457cd32f29b61a77a440367d2b98160da85ceeb136efd8975
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6e6a40c3ca447c9132cb4ceba9a601b775bd88e57044e48e6880eea7d001b01d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aca4964b4e383a8457cd32f29b61a77a440367d2b98160da85ceeb136efd8975
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07513D72A08B4B92EE24CF14E8841A973F1FF94BA8F544039D68D47768EE3DD94AD740
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionThrow$??0exception@std@@Concurrency@@$??0bad_target@$??0message_not_found@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 8609312-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2ed7c4f55bd424a0725bff876f288308b20e6e9e6f8835a5dc8d37f9afb33a38
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 417fb837d48c0f3835604880ae47beb783c9aa4eea4c9734ed7b02e516435abb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ed7c4f55bd424a0725bff876f288308b20e6e9e6f8835a5dc8d37f9afb33a38
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E518172A08B8B92DF20CF15E8442A9B3E1FF84798F548035D68D4BA69EF3CD549D741
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFF299434F7
                                                                                                                                                                                                                                                                                                                                                                              • :AM:am:PM:pm, xrefs: 00007FFF2994352F, 00007FFF2994355A
                                                                                                                                                                                                                                                                                                                                                                              • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF29943478
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: memmove$freewcslen$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadmalloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3215197611-3743323925
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 49d838640c23cfded53866554419e4c423b9366f0932d7720304eb76f92c7dcf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fa9a0c126663d2de04657f52c2f957f9f3c1ac52927abd3ab382400e54a45b92
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49d838640c23cfded53866554419e4c423b9366f0932d7720304eb76f92c7dcf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB418E26A05B4286EA31EF62AD096A873E5FB4DBE0F895139DE1E07351DF3CE149D340
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$Log2@details@$??0exception@std@@ExceptionThrow$Spin$Once@?$_Wait@$00@details@freememset
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3683716033-2104205924
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 79755608db7dea2c50d4ff0eb41c4c7c40e5233167412cf807096e08c5d46ed3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7a855748428e91b16c6b6a53a4d277d0d70094c4d536f2b939f26c15b3c37e4e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79755608db7dea2c50d4ff0eb41c4c7c40e5233167412cf807096e08c5d46ed3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6CC1BE22B18B8586EB708F56E8442A973E9FB88BE4F54013ADE5E477A4DF3CD445D304
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow$Concurrency@@Lock@details@ReentrantScoped_lock@_$??0_??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PMessage$_PSource
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1324123579-3961265847
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d7b1418ed31d7fba57b63bcec5606098c765821f94f3b61824aa3b69448a639d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7df2aaf8ab9d475465d32b4c5e749ecc31acbb49818c2fb88f35ade9bb31f5c4
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7b1418ed31d7fba57b63bcec5606098c765821f94f3b61824aa3b69448a639d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63615D76A08B4B91EF24CF19E8481A977A1FF84BA4F548035DA4D07B69EF3CD54AD700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow$Concurrency@@Lock@details@ReentrantScoped_lock@_$??0_??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PMessage$_PSource
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1324123579-3961265847
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0864ecc076d3c489fa357ea11b7cb5ba063e5121c32f3d4ef90282cdd82701ac
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b82c964718babab00fb4ebc12e7122cfa6e96b262cf641bb14d37ba243e389dd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0864ecc076d3c489fa357ea11b7cb5ba063e5121c32f3d4ef90282cdd82701ac
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3861B062A08B8B92EE24CF15E8441A9B3A1FF85BE8F544135DA8D07B69EF3CD549D700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ??0invalid_operation@Concurrency@@QEAA@PEBD@Z.MSVCR120 ref: 00007FFF29933BA3
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF29933BB5
                                                                                                                                                                                                                                                                                                                                                                              • ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF29933C13
                                                                                                                                                                                                                                                                                                                                                                              • ??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF2993565F
                                                                                                                                                                                                                                                                                                                                                                              • ordered_message_processor.LIBCPMT ref: 00007FFF29935683
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29940910: ??0exception@std@@QEAA@XZ.MSVCR120 ref: 00007FFF29940919
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29940910: _CxxThrowException.MSVCR120 ref: 00007FFF29940937
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29940910: ??0exception@std@@QEAA@AEBQEBD@Z.MSVCR120 ref: 00007FFF29940953
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29940910: _CxxThrowException.MSVCR120 ref: 00007FFF29940971
                                                                                                                                                                                                                                                                                                                                                                              • ??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF2993571B
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$ExceptionThrow$??0exception@std@@Lock@details@ReentrantScoped_lock@_$??0_??0invalid_operation@??1_Agents_EventTrace_agents@Type@1@_V123@@ordered_message_processor
                                                                                                                                                                                                                                                                                                                                                                              • String ID: async_send called without registering a callback$sync_send called without registering a callback
Similarity
• API ID: CurrentThread$Concurrency@@$?lock@critical_section@$?try_lock@critical_section@?try_lock_for@critical_section@Xtime_diff_to_millis2xtime_get
• String ID:
Similarity
• API ID: ??0exception@std@@ExceptionThrow
• String ID: _PMessage$_PSource
Similarity
• API ID: Mbrtowc$Maklocstr$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadlocaleconvstrlen
• String ID: ,$false$true
Strings
• :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF29943163
• :AM:am:PM:pm, xrefs: 00007FFF29943206
• :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFF299431D3
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: freestrlen$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadmallocmemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 428156747-35662545
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 04d9a8e7f4bb24d0b4f7312e6daca66fb4e1b991a9b9e35972b1f24e0ea5b93c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 065c3ea3ce2121fdd3be94f030a270e4abd7c5402d745ec5a4d8617bd9185376
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04d9a8e7f4bb24d0b4f7312e6daca66fb4e1b991a9b9e35972b1f24e0ea5b93c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5841B522A09B4182EA26DF31AA152B877E1FF59FE0F489135EE4D07759DF2CE095D300
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF29943362
                                                                                                                                                                                                                                                                                                                                                                              • :AM:am:PM:pm, xrefs: 00007FFF299433C1
                                                                                                                                                                                                                                                                                                                                                                              • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFF299433B0
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadmallocmemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 459107409-35662545
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 13401c5c5fd1fd19a4e51c1a3dc4c1ec9bf165789bcdc170a62a067a9a846110
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 506b9712cf46ffe9e30ee0178a304539b8888c026e02a57082f34bbcd182423d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13401c5c5fd1fd19a4e51c1a3dc4c1ec9bf165789bcdc170a62a067a9a846110
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF319E21A08B4282EB25DF75E9452B873E1FF98BA4F844634DA4D43786EF3CE585D340
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@$ExceptionThrow$V01@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Index is inside segment which failed to be allocated$Index out of range$Index out of segments table range
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2939144689-635427165
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f3ae9680e31e5c8cee688f04f0c6675c83d8aacdb6baa21bb8e79ba499629f84
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9b8e4162958937618e487c348d09fe611eef1e3ec60e3d7ab1c832c66520ce8e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3ae9680e31e5c8cee688f04f0c6675c83d8aacdb6baa21bb8e79ba499629f84
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4921EC65A18B0B99EF249FA0EC450E833F5FB14368B904435DA1D5BA74FE3CE15AD381
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@Concurrency@@ExceptionThrow$??0_??2@Agents_EventLock@details@ReentrantTrace_agents@Type@1@_
                                                                                                                                                                                                                                                                                                                                                                              • String ID: pAgents
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2556049404-1392246958
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3f92d91357e839c5460db48caca900922eecaa38d9aa5d1ffb16a22610aeeeb7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 06f764d535002bee9596b1463d6e742f98edf4af69277a46e89dce9b918b512c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f92d91357e839c5460db48caca900922eecaa38d9aa5d1ffb16a22610aeeeb7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EB12932605B8599EB21CF64DC802ED33E5FB44B68F54423ADA4D17B68DF38D699D300
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29937214: Concurrency::details::_Concurrent_queue_base_v4::_Concurrent_queue_base_v4.LIBCPMT ref: 00007FFF29937241
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29937214: ??0critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29937255
                                                                                                                                                                                                                                                                                                                                                                              • ??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29935BB3
                                                                                                                                                                                                                                                                                                                                                                              • ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF29935BCC
                                                                                                                                                                                                                                                                                                                                                                              • ??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29935BF8
                                                                                                                                                                                                                                                                                                                                                                              • ??0critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29935C79
                                                                                                                                                                                                                                                                                                                                                                              • ??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29935C87
                                                                                                                                                                                                                                                                                                                                                                              • ??2@YAPEAX_K@Z.MSVCR120 ref: 00007FFF29935CA1
                                                                                                                                                                                                                                                                                                                                                                              • ??0exception@std@@QEAA@AEBQEBD@Z.MSVCR120 ref: 00007FFF29935CFF
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF29935D1B
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??0_Lock@details@Reentrant$??0critical_section@$??0exception@std@@??2@Agents_Concurrency::details::_Concurrent_queue_base_v4Concurrent_queue_base_v4::_EventExceptionThrowTrace_agents@Type@1@_
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PSource
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 717911394-588581970
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 614920a25efed52c4a629180702d79c33e1707f086ff682d883719cf232673b7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fd0776f21fa3fd6f2ba8c6b43b977906fc03e19c2c2894ec9fd59e060a0850ec
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 614920a25efed52c4a629180702d79c33e1707f086ff682d883719cf232673b7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B714632609B4596EB28CF64E8943EC33E4FB08BA8F504239DA6D477A4DF38D569D340
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: memcpy_smemmove$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadlocaleconvstrlen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1683287889-1561270975
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 31c9677dc76e83a2dbc2ce58b392580b0977651831a2002b9f9f22cdd3a16101
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8b5b1e08cc01861ff78b83f1a52abe0020a4eda32a3ca5ff2bb37cc635227b4e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31c9677dc76e83a2dbc2ce58b392580b0977651831a2002b9f9f22cdd3a16101
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE51ACA6A08A8193E730DF21EA510BE3BE0FB45BE0B544536CB5D03B51EF38E569E301
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: memcpy_smemmove$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadlocaleconvstrlen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1683287889-1561270975
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Spin$??0exception@std@@ExceptionThrow$Concurrency@@Once@?$_Wait@$00@details@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3271151680-2104205924
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MaklocstrMbrtowc$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadlocaleconvstrlen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ,$false$true
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3576583073-760133229
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Log2@details@$??0exception@std@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2736381460-2104205924
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 516c19d47cbfcc2b35ffab1a169240619dda163a6fa8fcb80b07556ca2b4d246
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6197f8265c86cf0aec829519513a4a62b74b56bd754a7da2b3fc74bd88efb451
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 516c19d47cbfcc2b35ffab1a169240619dda163a6fa8fcb80b07556ca2b4d246
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B811722B08A8A86EB309F55E9043B973A5FB48FE4F544235DE6D17BA4DE3CD445D304
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: memcpy_smemmove$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadlocaleconvstrlen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3012979763-1561270975
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@Concurrency@@ExceptionLock@details@ReentrantScoped_lock@_Throw$??0_??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1657737417-988830941
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: __iob_func$??0exception@std@@V01@@abortfputcfputsrand_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID: invalid random_device value
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3223041195-3926945683
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3508154992-4256519037
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3508154992-4256519037
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@Concurrency@@ExceptionLog2@details@Throw$freememset
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ?$bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1454668608-1025567186
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ??_V@YAXPEAX@Z.MSVCR120(?,?,?,?,?,?,?,00007FFF29932DAA), ref: 00007FFF2993558D
                                                                                                                                                                                                                                                                                                                                                                              • ??0invalid_link_target@Concurrency@@QEAA@PEBD@Z.MSVCR120(?,?,?,?,?,?,?,00007FFF29932DAA), ref: 00007FFF299355D2
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF299355E4
                                                                                                                                                                                                                                                                                                                                                                              • ??0invalid_link_target@Concurrency@@QEAA@PEBD@Z.MSVCR120(?,?,?,?,?,?,?,00007FFF29932DAA), ref: 00007FFF299355F6
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF29935608
                                                                                                                                                                                                                                                                                                                                                                              • ??_V@YAXPEAX@Z.MSVCR120(?,?,?,?,?,?,?,?,?,?,?,00007FFF29932DAA), ref: 00007FFF29935621
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_link_target@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _Link
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3916662256-3418048212
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 83d2e28db506e1df7dc10d312075faa82dcb0e317732a01136978c31c433e48e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d815bc9fab3febd4fc638ee6fd49eadee2772a9bc700cc71478987c3c01860f4
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83d2e28db506e1df7dc10d312075faa82dcb0e317732a01136978c31c433e48e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6314F61A0DA4281EA31DF1AEC501B977A1EF847F0F180232DA6D076E5DE3CE446E701
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8e33999b72c7fa02fb095ea51036a613c5ae9fe05b545728f9608c8849368e12
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f67a156dbb0eb197771b9d98a798928b82c0d0acd1a67e487bd63f04a82c7ec6
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e33999b72c7fa02fb095ea51036a613c5ae9fe05b545728f9608c8849368e12
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8319261A0DA4292EA31DF29ED911B977E1EF54BB0F185231DA6D036E5DE3CE442E700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 29475d27b6c0513520bdae92b6d17ce9ab0b3877de5815f46d4d0d7876481c6d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a449dce500d4fad2e522d13909d39563a3a22b89f5ec81d19212036947ba2a55
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29475d27b6c0513520bdae92b6d17ce9ab0b3877de5815f46d4d0d7876481c6d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF313F62A09A4281EA31DF29EC501B977F1FF987B0F184232DA6D476E5DE3DE446E700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
• String ID: bad cast
• API String ID: 2651151912-3145022300
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmoneypunct
• String ID: bad cast
• API String ID: 2262005930-3145022300
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
• String ID: bad cast
• API String ID: 2651151912-3145022300
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_locknumpunct
• String ID: bad cast
• API String ID: 297538908-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7330aaf2d4eb41b8efb7472450eb4f69409d8bc972dbc7bca5c1ff8fab1472eb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bd6c6d3fc8443733dce54f50ebd6bee4913b4376c3f60530fe3f075668823c76
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7330aaf2d4eb41b8efb7472450eb4f69409d8bc972dbc7bca5c1ff8fab1472eb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C314F21A0AA4283EA32DF26ED5107A73A1FB94BB0F145232D66D076E5DF3CE446E700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmoneypunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2262005930-3145022300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
• String ID: bad cast
• API String ID: 2651151912-3145022300
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_locknumpunct
• String ID: bad cast
• API String ID: 297538908-3145022300
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmoneypunct
• String ID: bad cast
• API String ID: 2262005930-3145022300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmoneypunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2262005930-3145022300
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_locknumpunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 297538908-3145022300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmoneypunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2262005930-3145022300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmoneypunct
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2262005930-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1dc0e4b608a78e5c8827d6161483536c72233569a2a27f32ce565b53e91b1db9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 777e09ad58bb958ff90fda9dbe267a0a9a396101f9586e5a696a7894daf0d6ec
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1dc0e4b608a78e5c8827d6161483536c72233569a2a27f32ce565b53e91b1db9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D3160A1A0DA4282EA359F1AEC500B973E1FF84BF0F140232D66D176E5DE3CE442E711
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockcollate
• String ID: bad cast
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
• String ID: bad cast
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockcollate
• String ID: bad cast
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
• String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2651151912-3145022300
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockcollate
• String ID: bad cast
• API String ID: 337683809-3145022300
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lockmessages
• String ID: bad cast
• API String ID: 2651151912-3145022300
Similarity
• API ID: ??0exception@std@@CriticalExceptionSectionThrow$Call_onceEnterInitialize__crt
• String ID: lock error$thread resource error
• API String ID: 247718026-3660219420
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$Lock@details@ReentrantScoped_lock@_$??0_??0exception@std@@??1_?wait@event@Alloc@ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 327254784-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1916ef9a36595019dcaa5e912a83ad1b9305eceb54031f9f1f12c9ab8bc09d91
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 150431c97d6ef87c81f5c7d2966dcb09b23cfd2085fdf2cf298a43c04a2090d0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1916ef9a36595019dcaa5e912a83ad1b9305eceb54031f9f1f12c9ab8bc09d91
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE313E36604B4292EB20CF16EC8406973B5FB58BB0B658236CB6D437A4EF3CD955D340
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$Lock@details@ReentrantScoped_lock@_$??0_??0exception@std@@??1_?wait@event@Alloc@ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 327254784-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b2859fce22448c6af0bae7a29f1404be77ead84e233a7ad62330cb8e02c14be3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a88f23d08ffee9e9232eb876350b6ee485ce8731872b002b5befd22763cfe505
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2859fce22448c6af0bae7a29f1404be77ead84e233a7ad62330cb8e02c14be3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49315E36605B4296DB20CF15EC8806973B5FB58BB0B65823ACA6D437A4EF3CD955D340
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$ExceptionLock@details@ReentrantScoped_lock@_Throw$??0_??0bad_target@??0exception@std@@??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1344678239-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f8726fd18d757d7ba352ed6aba1dee2012742bd4ac4fdefe25ea2ab3f0569386
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c20b4d0e665a904ee306ecee31ef856d6d9b540b8de6b5724b13fde71e0421e1
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8726fd18d757d7ba352ed6aba1dee2012742bd4ac4fdefe25ea2ab3f0569386
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB213B22A08E4691DB208F15E8443A973B1FB98BA4F584236CA5D477A8EF3CD94AD740
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$ExceptionLock@details@ReentrantScoped_lock@_Throw$??0_??0bad_target@??0exception@std@@??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1344678239-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 13fca42c326dc09a13a6f88233a7c025f63ffe2ddedd2e6905833d25b5f60705
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ba030ed8bbaa1257f05c530e8a7afbafbf42efa1855eac144c8d4c75dae088ef
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13fca42c326dc09a13a6f88233a7c025f63ffe2ddedd2e6905833d25b5f60705
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5217C62608B4691DB20CF14E8443AD73A5FB88BB4F984236CA5D477B8EF3CD94AD340
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$ExceptionLock@details@ReentrantScoped_lock@_Throw$??0_??0bad_target@??0exception@std@@??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1344678239-988830941
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$ExceptionLock@details@ReentrantScoped_lock@_Throw$??0_??0bad_target@??0exception@std@@??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1344678239-988830941
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF29935E01
                                                                                                                                                                                                                                                                                                                                                                              • ??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF29935E53
                                                                                                                                                                                                                                                                                                                                                                              • ??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29935E7B
                                                                                                                                                                                                                                                                                                                                                                              • ??_V@YAXPEAX@Z.MSVCR120 ref: 00007FFF29935EED
                                                                                                                                                                                                                                                                                                                                                                              • ??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF29935EFA
                                                                                                                                                                                                                                                                                                                                                                              • ??_V@YAXPEAX@Z.MSVCR120 ref: 00007FFF29935F55
                                                                                                                                                                                                                                                                                                                                                                              • ??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29935F69
                                                                                                                                                                                                                                                                                                                                                                              • ??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29935F74
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Lock@details@ReentrantScoped_lock@_$??0_??1_V123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1298863651-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Xp_getwXp_movxXp_mulx$Xp_setw_errnomemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1771852443-0
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: pAgents
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2684170311-1392246958
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: strlen$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbbleadlocaleconv
                                                                                                                                                                                                                                                                                                                                                                              • String ID: false$true
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3692407738-2658103896
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: setlocale$??0exception@std@@ExceptionThrowstrcmp
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1776597412-1405518554
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d62dd006a4daa1c2645b329b71345463dafea58a264815159e057cd51fd59b8d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 985a3ed7146aaa4886c6ddd3a62b9483f31cac32715ae387d35a4e3ab280f773
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d62dd006a4daa1c2645b329b71345463dafea58a264815159e057cd51fd59b8d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43314E62A09A4281FB319F1AEC501B977A1FF88BF1F144232D66D476E5DE3CE846E701
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2cee9831651b7116bb6f2c3bb56b995e2b24d1a3908bdf4f235d44220961241d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 071d7e5812d937678f05bce479b50bb74c29bded2f0e190d38a8fb4fe46ac902
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cee9831651b7116bb6f2c3bb56b995e2b24d1a3908bdf4f235d44220961241d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC313061A09A4282EA319F19EC501B977E1EF98BF0F144232DA6D076F5DE3DE846E701
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 629f47c38d48401609fa023c89b2bc38641dcb0e0f16db9a2c981f15f51d5455
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c2492e030a05b5bb3e78573e84fa2d8c683ed462420c4deef678f49ce68e5ffd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 629f47c38d48401609fa023c89b2bc38641dcb0e0f16db9a2c981f15f51d5455
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B3311021A0DA4281EA359F19EC501B977E5FF99BB0F144232DA7D076E5DE3CE486E700
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d30dbc2aab34725aaaa0898c2a151efa3bb73e7a92961f821cf324e8a6c62c57
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 31ac2564797efc54b7ccc5acd1902226e50f96f84867a03a58260edbaee2771c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d30dbc2aab34725aaaa0898c2a151efa3bb73e7a92961f821cf324e8a6c62c57
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64318F61A09A4282EB359F1AED500B977E1FF887F0F140632D66D076A5DF3DE446E701
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c41bbf442aafb50f70df423fcba7af5265f301cc9428ba6faea6eb553cc31442
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 239af58a06d574d6fce09e4fd6b1856e5bae9ec0f3b6ffdf38be1cabd07a3b4d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c41bbf442aafb50f70df423fcba7af5265f301cc9428ba6faea6eb553cc31442
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82317321A0DA4295EA39DF29EC400B977E1EF94BB0F540232DA7D076E5DE3CE546E300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5ecd45a44f83148a70bc5fa5a43abb025c0789057e8c9746e52d9b407276643c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c4fef6615dfd7e3ba696de8d4c422b8298224fddbf469994de84260bcb5e3a69
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ecd45a44f83148a70bc5fa5a43abb025c0789057e8c9746e52d9b407276643c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0313D61A09A4281EA31DF1AEC900B977E1FF98BF4F144232DA6D076E5DE3CE446E701
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7b3b3ef5addc5b8a925e879fa3bcb2c41e7047d0b2a4f2fd4712140ce6e1f974
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5308e23b76d12b16ec2e08f3041fadaa61e2cc5183bdf4af45471c9e9f9dc77e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b3b3ef5addc5b8a925e879fa3bcb2c41e7047d0b2a4f2fd4712140ce6e1f974
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7317321A0DA4281FA359F29EC6007973E1FF887B4F144235E66D07AE9DE3CE945E700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
• String ID: bad cast
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 57233152fa7d46f08b1ad10316ccb657d273e208a0c8c3efb652e3f05912675e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f231540a08098404ca5edf0cbd65fb8a3896d30d896b68f00cbe730f6a7f5756
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57233152fa7d46f08b1ad10316ccb657d273e208a0c8c3efb652e3f05912675e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC317061A09A4291EA35DF1AEC500B977E1FF84BF0F144232DA6D076E5DE3CE886E701
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 42f857541856f87af2f4abcd82899e39fde57dc849e0a73b666ba720f672ca02
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a94c3d8a4868583f71f0dea7e3dd0c0e72432cb97efc8e0434b0b318d5fa3bf6
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 42f857541856f87af2f4abcd82899e39fde57dc849e0a73b666ba720f672ca02
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49317261A0DA4282EA31DF2AEC5007977E5FF947B4F144236E66E036E5DE3CE446E704
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::_$LockitLockit::_$??0bad_cast@std@@ExceptionFacet_RegisterThrow_lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2469271905-3145022300
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 363cd73f19888a829d88b6c16fb07c171610723b7b36f8dde564925b08dcd4dd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6066da80556d6469091bde66e1b6ff035d247c6f1a510cb40ebe0c66641cab69
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 363cd73f19888a829d88b6c16fb07c171610723b7b36f8dde564925b08dcd4dd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6312E61A09A4281EB21DF5AEC5407973E1FF987B0B144236EA6E076E5DF2CF446E704
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links$_PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2684170311-477379454
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d1df2166759275fa14772b08a2a8561b64f8844b76ed8e27dde4819894f3a41e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 46e0fdaec67c070398ca3c1b8becc8e229b18a9125f41e7cb0809c64d6655c35
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1df2166759275fa14772b08a2a8561b64f8844b76ed8e27dde4819894f3a41e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66218D76A08F4A91DE208F54E844268B3A5FF84BA8F548135C69D47BB8EF3CD549D701
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Lock@details@ReentrantScoped_lock@_$??1_$??0_??0exception@std@@ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 124525874-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 996c2f780d1967c1c8f1515cdde772ba9c4a31087b9cb3204560262abb815d0a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 86547740ccd41d35dfa75d587a8f895d01fb0d4508606f2d202550606b2c8736
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 996c2f780d1967c1c8f1515cdde772ba9c4a31087b9cb3204560262abb815d0a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB215E32618B4191DB20CF14E8442A973A5FB98BB4FA48236C66D877A8DF3CD94AD740
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29938288: ??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF299382B2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29938288: ?set@event@Concurrency@@QEAAXXZ.MSVCR120 ref: 00007FFF29938334
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29938288: ??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF2993833F
                                                                                                                                                                                                                                                                                                                                                                              • ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ.MSVCR120 ref: 00007FFF2993814D
                                                                                                                                                                                                                                                                                                                                                                              • ??0invalid_operation@Concurrency@@QEAA@PEBD@Z.MSVCR120 ref: 00007FFF29938196
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF299381A8
                                                                                                                                                                                                                                                                                                                                                                              • ??1critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF299381B2
                                                                                                                                                                                                                                                                                                                                                                              • ??1event@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF299381BD
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$Lock@details@ReentrantScoped_lock@_Spin$??0_??0invalid_operation@??1_??1critical_section@??1event@?set@event@ExceptionOnce@?$_ThrowV123@@Wait@$00@details@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2644273089-1123019286
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d1451867a41b20db4048147b68fd18e4ee272ddc4c84341799d87fe37ec95ebd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b92dbdf1a6fec535007a8d6ea8ac689ad8758d1556fa84b9b71876c0837dc460
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1451867a41b20db4048147b68fd18e4ee272ddc4c84341799d87fe37ec95ebd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08211A32A08B46A2EB209F64EC4436933E0FF86B75F444139DA5E476A4EF3CD989D301
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29938288: ??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF299382B2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29938288: ?set@event@Concurrency@@QEAAXXZ.MSVCR120 ref: 00007FFF29938334
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29938288: ??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF2993833F
                                                                                                                                                                                                                                                                                                                                                                              • ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ.MSVCR120 ref: 00007FFF29938819
                                                                                                                                                                                                                                                                                                                                                                              • ??0invalid_operation@Concurrency@@QEAA@PEBD@Z.MSVCR120 ref: 00007FFF29938862
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF29938874
                                                                                                                                                                                                                                                                                                                                                                              • ??1critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF2993887E
                                                                                                                                                                                                                                                                                                                                                                              • ??1event@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29938889
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$Lock@details@ReentrantScoped_lock@_Spin$??0_??0invalid_operation@??1_??1critical_section@??1event@?set@event@ExceptionOnce@?$_ThrowV123@@Wait@$00@details@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2644273089-1123019286
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e4a2d584f4664aba20ed84cb96ac8a31bbbdbebd8713b3af1c3d910a651308a9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 497e92ef50c3b01ed4d0691ca7ce3ab6c6d20e0dc4ff9f27c331074b4e1d4d78
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4a2d584f4664aba20ed84cb96ac8a31bbbdbebd8713b3af1c3d910a651308a9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A213031A08B46A2EB20DF54EC5436933E4FB45B75F444235DA5E476A4EF3CD948D301
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$Lock@details@ReentrantScoped_lock@_$??0_??0exception@std@@??1_?set@event@ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3905866857-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6c92e7f1faf470ce123d31da47b7619a52fbf81ffcc99ec9bcee541c6480b6a8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8f2d6c8ca5eece3e9838a62b72ac997383e8a89a3dc60d1623d2f95fda24deb1
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c92e7f1faf470ce123d31da47b7619a52fbf81ffcc99ec9bcee541c6480b6a8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C115B72608E4292DB208F15E8881AC73A1FB49BE5FA54235CA6D477B4EF39C949C301
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links$_Link
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1760184552-1787781490
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: adeeda692c821897ccbf73d59454db96fd78964bc3ec29040c6d0cc4ad9d113e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6c60b76ce2c67fdc8e3c4fbdf529e0233fb929914d7826bce0f3883b7d036059
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adeeda692c821897ccbf73d59454db96fd78964bc3ec29040c6d0cc4ad9d113e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B211A9A590964B91DE344F14DC543A873E1FF5439CFA48439C24C47974EE3DE64AE701
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ??0invalid_operation@Concurrency@@QEAA@PEBD@Z.MSVCR120 ref: 00007FFF2993336C
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF2993337E
                                                                                                                                                                                                                                                                                                                                                                              • ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF299333AC
                                                                                                                                                                                                                                                                                                                                                                              • ??1critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF299333BA
                                                                                                                                                                                                                                                                                                                                                                              • ~ordered_message_processor.LIBCPMT ref: 00007FFF299333C5
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF299339BC: ??1critical_section@Concurrency@@QEAA@XZ.MSVCR120(?,?,?,?,?,00007FFF299333CA), ref: 00007FFF29933A9C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29932D0C: ??0invalid_operation@Concurrency@@QEAA@PEBD@Z.MSVCR120(?,?,?,?,?,?,?,00007FFF299333D4), ref: 00007FFF29932D5E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29932D0C: _CxxThrowException.MSVCR120 ref: 00007FFF29932D70
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29932D0C: ??_V@YAXPEAX@Z.MSVCR120(?,?,?,?,?,?,?,00007FFF299333D4), ref: 00007FFF29932D7F
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • To use batched processing, you must override process_input_messages in the message block., xrefs: 00007FFF29933360
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??0invalid_operation@??1critical_section@ExceptionThrow$Agents_EventTrace_agents@Type@1@_~ordered_message_processor
                                                                                                                                                                                                                                                                                                                                                                              • String ID: To use batched processing, you must override process_input_messages in the message block.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2424895798-2568437830
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF29936738
                                                                                                                                                                                                                                                                                                                                                                              • ??1critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29936746
                                                                                                                                                                                                                                                                                                                                                                              • ~ordered_message_processor.LIBCPMT ref: 00007FFF29936751
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF2993482C: ??1critical_section@Concurrency@@QEAA@XZ.MSVCR120(?,?,?,?,?,00007FFF29934BA5), ref: 00007FFF2993490C
                                                                                                                                                                                                                                                                                                                                                                              • ??0invalid_operation@Concurrency@@QEAA@PEBD@Z.MSVCR120 ref: 00007FFF29936775
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF29936787
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??1critical_section@$??0invalid_operation@Agents_EventExceptionThrowTrace_agents@Type@1@_~ordered_message_processor
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1701072332-1123019286
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_calloc_crt_wcsdupmemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2596383236-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: unlink_target is not supported on _AnonymousOriginator$unlink_targets is not supported on _AnonymousOriginator
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1760184552-3450720891
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • To use ordered message processing, you must override propagate_to_any_targets in the message block., xrefs: 00007FFF29933974
                                                                                                                                                                                                                                                                                                                                                                              • To use batched processing, you must override propagate_output_messages in the message block., xrefs: 00007FFF2993394C
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: To use batched processing, you must override propagate_output_messages in the message block.$To use ordered message processing, you must override propagate_to_any_targets in the message block.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1760184552-3630828566
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@strcspn$Mpunctlocaleconv
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 839937949-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@strcspn$Mpunctlocaleconv
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 839937949-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@strcspn$Mpunctlocaleconv
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 839937949-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: fgetc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2807381905-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: String__crt$___lc_locale_name_func_malloc_crtfreememmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3708374934-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 432778473-1866435925
                                                                                                                                                                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2684170311-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0event@??0exception@std@@??2@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PSource
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3301464277-588581970
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3259800460-1123019286
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_link_target@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _Link
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3916662256-3418048212
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Lock@details@ReentrantScoped_lock@_$??0_??0exception@std@@??1_ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 449426131-988830941
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Lock@details@ReentrantScoped_lock@_$??0_??0exception@std@@??1_ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 449426131-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e8c766e67b13441f63c2ab6e47db5108deea995d7bfff949a37e9b81de66bf1f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 412f7060164032a997a0342fa70f20ae919ac4ac31c2077240b91c727276aae2
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8c766e67b13441f63c2ab6e47db5108deea995d7bfff949a37e9b81de66bf1f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C6112862608E4691DA208F15E9481AD73A1FB98BA5F948236CA6D477B8EF2CC549C700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Lock@details@ReentrantScoped_lock@_$??0_??0exception@std@@??1_ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 449426131-988830941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5641dda0271ce1b65f6786f70ecbd7ca0ea8091645d98c654b0463443ee4a110
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2ec1b1248c4ff95565ae625ae3689dda645929872ac1bde9f2e5a75ffdf56c2c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5641dda0271ce1b65f6786f70ecbd7ca0ea8091645d98c654b0463443ee4a110
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52115E22608B4691DF208F15E8441AD73B1FB98BB8F944236C66D477B4EF3CD949D700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Lock@details@ReentrantScoped_lock@_$??0_??0exception@std@@??1_ExceptionThrowV123@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: _PTarget
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 449426131-988830941
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrowfreemalloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2579603142-2104205924
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@??0invalid_operation@??3@Concurrency@@ExceptionThrowV01@@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3697348495-1123019286
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@$LockitLockit::_Mpunctstd::_
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 923522853-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c02b39a70d5f0d7b06addf3edc99bf7183d52e72fc1e80c8fbc70a5bd2a0c8b9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2cd0f313cca5d178c334942f82b61271a1d1369dcd0f3a46c9911d89c9a6bf2b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c02b39a70d5f0d7b06addf3edc99bf7183d52e72fc1e80c8fbc70a5bd2a0c8b9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E251D363B18A4586FB20DFA5D8441EE73B0FB85BA8F40413AEE1D57B98DE38D005D780
APIs
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: ??3@$LockitLockit::_Mpunctstd::_
• String ID:
• API String ID: 923522853-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d0969f392bb72c0eea5682e54f6978411cb60817890727a6c46b5946fd02e4c7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3c3e001db8f158b73aace2abc20e1bd5a16056b72fa4fec7c682b25ba7e034f1
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0969f392bb72c0eea5682e54f6978411cb60817890727a6c46b5946fd02e4c7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4617932B04A82DAEB24DF65C8802AD73B5F705BA8F804036DE5D57B99DF38D569E340
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Similarity
• API ID: ??3@$Mpunct
• String ID:
• API String ID: 20592206-0
APIs
Similarity
• API ID: ??3@$Mpunct
• String ID:
• API String ID: 20592206-0
APIs
Similarity
• API ID: fgetwc
• String ID:
• API String ID: 2948136663-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: fgetwc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2948136663-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4fe381b33593fd5048c4ceb84e2b74b41680d943dd1c5a51aa8d52df4a39f257
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c6c4f522b45e1dcf189e403014318e305bd75a670fa0f2db8f97bda4c048c962
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4fe381b33593fd5048c4ceb84e2b74b41680d943dd1c5a51aa8d52df4a39f257
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A613832604A41CDEB248F25D8943EC33E5FB58BA8F904636EA5E87B98DF38D584D340
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::_Concurrent_queue_base_v4::_Concurrent_queue_base_v4.LIBCPMT ref: 00007FFF29932704
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF2993DAC4: memset.MSVCR120 ref: 00007FFF2993DB3D
                                                                                                                                                                                                                                                                                                                                                                              • ??0critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29932718
                                                                                                                                                                                                                                                                                                                                                                              • ??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29932757
                                                                                                                                                                                                                                                                                                                                                                              • ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF2993276D
                                                                                                                                                                                                                                                                                                                                                                              • ??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29932799
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??0_Lock@details@Reentrant$??0critical_section@Agents_Concurrency::details::_Concurrent_queue_base_v4Concurrent_queue_base_v4::_EventTrace_agents@Type@1@_memset
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1018027999-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5c99020f722577bab06e887c90ac7d6e8de1b292f3ee7c3010cceb4c162d0dec
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a894f5f439918e0428b13e0f25141b8c0f8b5d10565b49e2ff2e4e05fc49139
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c99020f722577bab06e887c90ac7d6e8de1b292f3ee7c3010cceb4c162d0dec
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B710632605B8196E728CF64E88459C77F8FB08B64F944229CFAE437A4DF38E5A5D344
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: String___lc_codepage_func___lc_locale_name_func__crt__pctype_funcislower
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3151334991-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8b379e28a4d8e80d9c94874fcc1b193232c529a4a788e8a90178a7ef164e8972
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7fb36a988a22f2e277605ccd9319f5eaff48bcdf82a497aed2c8d2a04123fe95
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b379e28a4d8e80d9c94874fcc1b193232c529a4a788e8a90178a7ef164e8972
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D531C432B0C68186F7314F559C4437D7AE9FB84BA1F194039EE9A47B99CE3CD498AB10
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmpDownload File
Similarity
• API ID: String___lc_codepage_func___lc_locale_name_func__crt__pctype_funcisupper
• String ID:
• API String ID: 3675269872-0
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Similarity
• API ID: memmovewcslen
• String ID:
• API String ID: 991614986-0
Similarity
• API ID: Concurrency@@$??1critical_section@??3@Agents_EventTrace_agents@Type@1@_~ordered_message_processor
• String ID:
• API String ID: 3948224670-0
Similarity
• API ID: String__crt$___lc_collate_cp_func___lc_locale_name_funcmemmove
• String ID:
• API String ID: 3171739111-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: std::locale::_$LockitLockit::_Setgloballocalesetlocalestd::_$InitLocimpLocimp::_New__lock
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 547505169-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a1cb6ff7d5e5aad37d6787c720ba373f772fffeaec1882217b88a04ac9c391dd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d32fec256fa4cc3ccb3c8a2334f18c475f895eeeb639340392ae5d01c86d6476
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1cb6ff7d5e5aad37d6787c720ba373f772fffeaec1882217b88a04ac9c391dd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB216072A14A0182EF289F29DC442BD73A1FB88FB4F058135CA6E473A5DE7DE845E340
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??1critical_section@??3@Agents_EventTrace_agents@Type@1@_~ordered_message_processor
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3948224670-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 22229181a8b8ef60c217e7d485b87ce7c889c318cfd02dc90297c8b97ab104d8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b93ac491a8bf9203328785f8bbe4decf01b315c958ade6d3069fa440db7a6955
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 22229181a8b8ef60c217e7d485b87ce7c889c318cfd02dc90297c8b97ab104d8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B3214932606B4582EB249F64E8A436C73B4FF85F65F194239CA5E076A4DF3CD8A8D344
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF29933D57
                                                                                                                                                                                                                                                                                                                                                                              • ??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF29933D66
                                                                                                                                                                                                                                                                                                                                                                              • ordered_message_processor.LIBCPMT ref: 00007FFF29933D7B
                                                                                                                                                                                                                                                                                                                                                                              • ??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29933DC6
                                                                                                                                                                                                                                                                                                                                                                              • ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF29933DD7
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$Agents_EventLock@details@ReentrantScoped_lock@_Trace_agents@Type@1@_$??0_??1_V123@@ordered_message_processor
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1900578472-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 034880c39217b3af6bdf5689d688029762a1a41beb7cabf535ae63f629946fd5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3c9bb97b6fb6f4e00367fedb09daee893e2b5ea4f0381b6566ff81246ae0f64f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 034880c39217b3af6bdf5689d688029762a1a41beb7cabf535ae63f629946fd5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F214F3264864287E720DF39E84162977E1F788BA5F544239EB5D877A8DE3CD845CF80
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Condition_variable@details@$?wait@_?wait_for@_Mtx_reset_ownerVcritical_section@3@Vcritical_section@3@@Xtime_diff_to_millis2xtime_get
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 29431501-0
APIs
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$??3@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2537251064-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$setlocale
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 294139027-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • argument to concurrent_vector::reserve() exceeds concurrent_vector::max_size(), xrefs: 00007FFF2993E51D
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@Concurrency@@ExceptionLog2@details@Throw
                                                                                                                                                                                                                                                                                                                                                                              • String ID: argument to concurrent_vector::reserve() exceeds concurrent_vector::max_size()
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3588803953-1084209157
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FileFindNext$wcscpy_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 544952861-248832578
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
Similarity
• API ID: ??0exception@std@@ExceptionLockitLockit::_Throw_lockstd::_
• String ID: bad locale name
• API String ID: 2672897738-1405518554
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Similarity
• API ID: ??0exception@std@@ExceptionLockitLockit::_Throw_lockstd::_
• String ID: bad locale name
• API String ID: 2672897738-1405518554
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Similarity
• API ID: ??0event@??0exception@std@@Concurrency@@ExceptionThrow
• String ID: _PSource
• API String ID: 944994503-588581970
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
Similarity
• API ID: ??0event@??0exception@std@@Concurrency@@ExceptionThrow
• String ID: _PSource
• API String ID: 944994503-588581970
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1760184552-1123019286
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 29b1f9284e800dfe717f97496cdd28ee12d4537e3636432ccbe6f261cdbc46e2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fea6dc7e13f999e1d3b0caad91ecc9e78194ed93be87324c5aa42f52434c36bd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29b1f9284e800dfe717f97496cdd28ee12d4537e3636432ccbe6f261cdbc46e2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00116D62909A0681EF249F24E84437833E1FB54B79F014B39C66E472E8EF3CD559D344
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1760184552-1123019286
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 64ba27ac4aaea90cdc40a4b9f1634e870f57f76be19057c0ba98468e07339092
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 74024685fd548f55d472cb587fc0056e8e159a05222bc3d06e5bfde008dfdeea
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64ba27ac4aaea90cdc40a4b9f1634e870f57f76be19057c0ba98468e07339092
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04116D62A09E4692EB289F24D84437C33A1FB14778F404739C66E471E8EF3CD599D384
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1760184552-1123019286
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 79888cd89a3f4f6ad25d5b3bd113f3f74c7e732459895dec287904cc8a31eea7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 299ce1772e0645ddd68427e4aee71c49c8fde8930b7bc591f61ea2ce9831d26a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79888cd89a3f4f6ad25d5b3bd113f3f74c7e732459895dec287904cc8a31eea7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41118062A09B0682EB349F20D84533833A1FB64778F404B39C56E471E8DF3CD5A9D344
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0invalid_operation@Concurrency@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Deleting link registry before removing all the links
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1760184552-1123019286
APIs
Strings
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: memmove$??2@??3@
• String ID: invalid string position$string too long
• API String ID: 1832667548-4289949731
APIs
Similarity
• API ID: ??3@$Mpunct
• String ID:
• API String ID: 20592206-0
APIs
• ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ.MSVCR120 ref: 00007FFF2993DCA3
• ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ.MSVCR120 ref: 00007FFF2993DCC7
• ??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z.MSVCR120 ref: 00007FFF2993DD31
• ??1_SpinLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF2993DD4A
Similarity
• API ID: Spin$Concurrency@@$Lock@details@Once@?$_Wait@$00@details@$??0_??1_
• String ID:
• API String ID: 2930686547-0
APIs
  • Part of subcall function 00007FFF29937214: Concurrency::details::_Concurrent_queue_base_v4::_Concurrent_queue_base_v4.LIBCPMT ref: 00007FFF29937241
  • Part of subcall function 00007FFF29937214: ??0critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29937255
• ??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29934067
• ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF2993407D
• ??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF299340A9
• ??0critical_section@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29934115
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??0_??0critical_section@Lock@details@Reentrant$Agents_Concurrency::details::_Concurrent_queue_base_v4Concurrent_queue_base_v4::_EventTrace_agents@Type@1@_
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3455565143-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7851a1f77a0b6b79ee0cf6a0b1ff550f50dc2948a09b308be93368905d141940
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 77275f1c8db25f235140175c135571dd807bdceed0695b9b0ce53867292f759b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7851a1f77a0b6b79ee0cf6a0b1ff550f50dc2948a09b308be93368905d141940
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D411932209F8196D724DF24F88419A73E8FB45BB4F600639DAAE037A4DF39D596D310
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: memmovememset
                                                                                                                                                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1288253900-4289949731
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 31f6fa9b7059eadb125671519b1616e3216bf6eb01139735c91ee2ad669ff045
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 350c328a02c4101b20355e2cfbb1d5ce5f188bf47b1a3456ad234ee52a6de528
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31f6fa9b7059eadb125671519b1616e3216bf6eb01139735c91ee2ad669ff045
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A316F22A18A4581EB248F99D9441BC37A0FB96FE4FA44535CA2E47799CF3CE591E340
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??1critical_section@Spin$??3@Once@?$_Wait@$00@details@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2471412981-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f641ee65bd52e671b42840dcaca3c65656967a9fb6bc516ca43ae5c1ab5d9ba5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ba6440e3f2186f27dbe063facbac1943822720e582740a56451f364bb0bac0ba
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f641ee65bd52e671b42840dcaca3c65656967a9fb6bc516ca43ae5c1ab5d9ba5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05316E36605F4582EB609F25E8982AC33A0FB99FA5F594135CA1E477B4DF3CD899D300
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@Spin$??1critical_section@??3@Once@?$_Wait@$00@details@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 962435278-0
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: Concurrency@@Spin$??1critical_section@??3@Once@?$_Wait@$00@details@
• String ID:
• API String ID: 962435278-0
Similarity
• API ID: Concurrency@@Spin$??1critical_section@??3@Once@?$_Wait@$00@details@
• String ID:
• API String ID: 962435278-0
APIs
• ?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ.MSVCR120 ref: 00007FFF29933290
• ??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z.MSVCR120 ref: 00007FFF299357C5
• ??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF299357E5
• ??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF2993580F
Similarity
• API ID: Concurrency@@$Lock@details@ReentrantScoped_lock@_$??1_$??0_Agents_EventTrace_agents@Type@1@_V123@@
• String ID:
• API String ID: 245311587-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func_ismbblead
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FileHandle$Information__crt$CloseCreate
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ?wait@event@Concurrency@@QEAA_KI@Z.MSVCR120 ref: 00007FFF29937EA2
                                                                                                                                                                                                                                                                                                                                                                              • ??0operation_timed_out@Concurrency@@QEAA@XZ.MSVCR120 ref: 00007FFF29937ECC
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.MSVCR120 ref: 00007FFF29937EDE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF299379D0: ??3@YAXPEAX@Z.MSVCR120(?,?,?,?,?,00007FFF299377CD), ref: 00007FFF29937A3B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF299379D0: ??1event@Concurrency@@QEAA@XZ.MSVCR120(?,?,?,?,?,00007FFF299377CD), ref: 00007FFF29937A73
                                                                                                                                                                                                                                                                                                                                                                              • ??3@YAXPEAX@Z.MSVCR120 ref: 00007FFF29937F00
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency@@$??3@$??0operation_timed_out@??1event@?wait@event@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AllocXtime_diff_to_millis2__crt_calloc_crt_onexitabortxtime_get
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2448359879-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$??3@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2537251064-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$??3@
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2537251064-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Value__crt$callocfree
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 901524056-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2684170311-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@sprintf_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %.0Lf
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 766125096-1402515088
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@sprintf_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %.0Lf
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 766125096-1402515088
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@sprintf_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %.0Lf
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 766125096-1402515088
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@Strftime
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !%x
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 644514719-1893981228
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrowmalloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2519100746-2104205924
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • memmove.MSVCR120(?,?,?,00007FFF299644A8,?,?,?,?,?,?,?,?,?,?,?,00007FFF2994FD5D), ref: 00007FFF29957869
                                                                                                                                                                                                                                                                                                                                                                              • ??3@YAXPEAX@Z.MSVCR120(?,?,?,00007FFF299644A8,?,?,?,?,?,?,?,?,?,?,?,00007FFF2994FD5D), ref: 00007FFF29957871
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF2994F9B0: ??2@YAPEAX_K@Z.MSVCR120 ref: 00007FFF2994FA44
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF2994F9B0: memmove.MSVCR120 ref: 00007FFF2994FA8F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF2994F9B0: ??3@YAXPEAX@Z.MSVCR120 ref: 00007FFF2994FA9E
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??3@memmove$??2@
                                                                                                                                                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2312067643-2556327735
APIs
• memmove.MSVCR120(?,?,?,00007FFF2996437C,?,?,?,?,?,?,?,00007FFF2994FD5D), ref: 00007FFF29957791
• ??3@YAXPEAX@Z.MSVCR120(?,?,?,00007FFF2996437C,?,?,?,?,?,?,?,00007FFF2994FD5D), ref: 00007FFF29957799
  • Part of subcall function 00007FFF2994F898: ??2@YAPEAX_K@Z.MSVCR120 ref: 00007FFF2994F92C
  • Part of subcall function 00007FFF2994F898: memmove.MSVCR120 ref: 00007FFF2994F977
  • Part of subcall function 00007FFF2994F898: ??3@YAXPEAX@Z.MSVCR120 ref: 00007FFF2994F986
Strings
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: ??3@memmove$??2@
• String ID: string too long
• API String ID: 2312067643-2556327735
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: pAgent
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2684170311-2609440998
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF2993925E
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$Getdaysmallocmemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2126063425-3283725177
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFF2993939A
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$Getmonthsmallocmemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 794196016-2030377133
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 10904b7d53471a81274ee89d2aa67d21e278e59e085516762bc04fa044dc10fc
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 069700e21733bdef85d61f83063fc4a2d9b7c6f3e50cd488664375eda47c90b3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10904b7d53471a81274ee89d2aa67d21e278e59e085516762bc04fa044dc10fc
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CF03A51A09A02C9EB649F56E89437833E5EB09BA4F841038DD0E03394EF2DE888D304
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFF29939342
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$Getdaysmallocmemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2126063425-3283725177
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 124412a1b9b6dcdd3e29c021c6e0298460e3b733b0583c345075fbaf945b65ca
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cc4d358c4ddf46e8a5c7bf6b953445b4dfc7ad35792d3a71e62c85300dac16c3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 124412a1b9b6dcdd3e29c021c6e0298460e3b733b0583c345075fbaf945b65ca
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAF0DA51A09A42C5EE749F65E88437973E1FF09BA4F951138DE0D47394EF2CD888D304
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFF299392B6
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$Getmonthsmallocmemmove
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 794196016-4232081075
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f52d8e9540f8444680af23b861c33921e9a251d9684d9466b03505e83b5be796
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1800ac9db34c8d14b5d2214c405f294f9d1d03f1ceea584f02615df4076d95e4
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f52d8e9540f8444680af23b861c33921e9a251d9684d9466b03505e83b5be796
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7F0DA52A09A0285EE689F56E98537833E1AB18BA4F940039DE0D07399EF2CD894D344
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ??0exception@std@@ExceptionThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad function call
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2684170311-3612616537
Memory Dump Source
• Source File: 0000000F.00000002.1546109531.00007FFF29931000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FFF29930000, based on PE: true
• Associated: 0000000F.00000002.1546090779.00007FFF29930000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546362153.00007FFF29985000.00000002.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546555085.00007FFF299C5000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546576761.00007FFF299C6000.00000008.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546598204.00007FFF299C8000.00000004.00000001.01000000.00000000.sdmp
• Associated: 0000000F.00000002.1546621028.00007FFF299CF000.00000002.00000001.01000000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7fff29930000_x64dbg.jbxd
Similarity
• API ID: ??0exception@std@@ExceptionThrow
• String ID: bad allocation
• API String ID: 2684170311-2104205924

Execution Graph

Execution Coverage: 1.2%
Dynamic/Decrypted Code Coverage: 23.3%
Signature Coverage: 13.4%
Total number of Nodes: 979
Total number of Limit Nodes: 28
119764->119765 119766 140003ef2 CreateFileA 119765->119766 119767 140003f74 ExitProcess 119765->119767 119766->119767 119769 140003f22 GetFileSize 119766->119769 119768 140003f7d CloseHandle 119767->119768 119770 140003f90 GetModuleHandleA 119768->119770 119769->119767 119771 140003f33 VirtualAlloc 119769->119771 119775 140003fd0 119770->119775 119771->119767 119772 140003f4f ReadFile 119771->119772 119772->119768 119773 140003f6e CloseHandle 119772->119773 119773->119767 119885 140001eb0 GetCurrentProcess LoadLibraryA GetProcAddress 119775->119885 119777 14000407c __scrt_get_show_window_mode 119778 1400040fa GetFileAttributesA 119777->119778 119779 1400041bb GetFileAttributesA 119778->119779 119780 14000412c CreateFileA 119778->119780 119782 1400041cd SetFileAttributesA 119779->119782 119783 1400041df AllocateAndInitializeSid 119779->119783 119780->119760 119781 14000415c WriteFile 119780->119781 119784 140004182 CloseHandle 119781->119784 119785 1400041b5 CloseHandle 119781->119785 119782->119783 119786 14000424b 119783->119786 119787 14000422f CheckTokenMembership FreeSid 119783->119787 119784->119760 119785->119779 119788 14000425b AllocateAndInitializeSid 119786->119788 119796 140004251 __scrt_get_show_window_mode 119786->119796 119787->119786 119789 1400042b7 CheckTokenMembership 119788->119789 119790 1400042cc shared_ptr 119788->119790 119789->119790 119791 1400042e9 119790->119791 119792 1400042de FreeSid 119790->119792 119793 140004b11 119791->119793 119791->119796 119792->119791 119937 140011238 RtlPcToFileHeader RaiseException 119793->119937 119795 140004b24 119795->119751 119796->119796 119797 140004393 MultiByteToWideChar 119796->119797 119798 1400043c7 119797->119798 119801 1400043c2 119797->119801 119798->119801 119802 1400043eb MultiByteToWideChar 119798->119802 119799 140004564 119924 140001780 5 API calls 2 library calls 119799->119924 119800 14000441c 119894 140003380 GetModuleHandleW GetProcAddress 119800->119894 119801->119799 119801->119800 
119802->119801 119805 14000456c 119807 140004575 119805->119807 119808 14000462d 119805->119808 119807->119760 119925 1400018e0 5 API calls 2 library calls 119807->119925 119811 1400046dd 119808->119811 119929 1400018e0 5 API calls 2 library calls 119808->119929 119809 1400044a0 119809->119809 119810 1400044ab CoGetObject 119809->119810 119817 14000451d 119810->119817 119933 140001780 5 API calls 2 library calls 119811->119933 119815 14000463d 119815->119811 119820 140004645 119815->119820 119816 140004585 119816->119760 119819 14000458d 119816->119819 119817->119760 119821 140004559 CoUninitialize 119817->119821 119818 1400048ed CreateFileMappingA 119818->119760 119824 14000491c MapViewOfFile 119818->119824 119926 140001a30 9 API calls 3 library calls 119819->119926 119930 140001a30 9 API calls 3 library calls 119820->119930 119821->119760 119824->119760 119827 14000493c lstrcmpiA 119824->119827 119825 140004592 119830 14000459a GetFileAttributesA 119825->119830 119831 140004620 119825->119831 119826 14000464a 119828 140004652 GetFileAttributesA 119826->119828 119829 1400046d5 119826->119829 119827->119760 119832 140004951 LoadLibraryW 119827->119832 119835 140004664 CreateFileA 119828->119835 119836 1400046c7 119828->119836 119932 1400020d0 17 API calls 3 library calls 119829->119932 119833 1400045ac CreateFileA 119830->119833 119834 14000460f 119830->119834 119928 1400020d0 17 API calls 3 library calls 119831->119928 119837 140004972 GetProcAddress 119832->119837 119844 140004987 __vcrt_InitializeCriticalSectionEx 119832->119844 119833->119760 119842 1400045df WriteFile 119833->119842 119927 140001170 6 API calls 2 library calls 119834->119927 119835->119760 119840 140004697 WriteFile 119835->119840 119931 140001170 6 API calls 2 library calls 119836->119931 119837->119844 119840->119784 119850 1400046c1 CloseHandle 119840->119850 119841 1400046e5 __scrt_get_show_window_mode 119841->119818 119841->119841 119848 140004783 RegOpenKeyExA 119841->119848 
119842->119784 119849 140004609 CloseHandle 119842->119849 119846 1400049b1 119844->119846 119847 1400049c4 119844->119847 119934 140001170 6 API calls 2 library calls 119846->119934 119847->119760 119853 1400049e2 GetFileAttributesA 119847->119853 119848->119818 119854 1400047b8 __scrt_get_show_window_mode 119848->119854 119849->119834 119850->119836 119851 1400046d3 119851->119811 119853->119760 119855 1400049f1 119853->119855 119857 1400047da RegQueryValueExW 119854->119857 119935 140001510 10 API calls BuildCatchObjectHelperInternal 119855->119935 119858 1400048e7 RegCloseKey 119857->119858 119859 14000480c RegCloseKey 119857->119859 119858->119818 119864 140004878 __scrt_get_show_window_mode 119859->119864 119860 1400049fd 119860->119760 119936 140001510 10 API calls BuildCatchObjectHelperInternal 119860->119936 119862 140004a11 119862->119760 119863 140004a19 CreateProcessW 119862->119863 119867 14000461b 119863->119867 119864->119864 119865 1400048a5 RegOpenKeyExA 119864->119865 119865->119818 119866 1400048d0 RegDeleteValueW 119865->119866 119866->119858 119867->119760 119868->119745 119869->119754 119870->119755 119871->119741 119872->119744 119874 140001c50 __scrt_get_show_window_mode 119873->119874 119875 140001c9e GetFileAttributesA 119874->119875 119876 140001cc6 CreateFileA 119875->119876 119877 140001caf GetComputerNameA 119875->119877 119878 140001cfd GetFileSize 119876->119878 119882 140001d44 119876->119882 119877->119882 119879 140001d0c ReadFile 119878->119879 119878->119882 119880 140001d30 CloseHandle 119879->119880 119880->119882 119882->119882 119883 14000c400 BuildCatchObjectHelperInternal 3 API calls 119882->119883 119884 140001e9e 119883->119884 119884->119764 119886 140001f05 119885->119886 119887 140001f7f LoadLibraryA GetProcAddress 119885->119887 119886->119887 119888 140002013 GetModuleHandleW GetProcAddress 119887->119888 119889 140001fa4 119887->119889 119890 1400020a1 CloseHandle 119888->119890 119893 140002038 119888->119893 
119889->119888 119891 14000c400 BuildCatchObjectHelperInternal 3 API calls 119890->119891 119892 1400020b6 119891->119892 119892->119777 119893->119890 119895 1400033e1 GetModuleHandleW GetProcAddress 119894->119895 119896 14000364b 119894->119896 119895->119896 119897 14000340a GetModuleHandleW GetProcAddress 119895->119897 119899 14000c400 BuildCatchObjectHelperInternal 3 API calls 119896->119899 119897->119896 119898 140003433 GetModuleHandleW GetProcAddress 119897->119898 119898->119896 119901 14000345c GetCurrentProcessId OpenProcess 119898->119901 119900 140003666 CoInitializeEx 119899->119900 119900->119809 119901->119896 119902 14000347f NtQueryInformationProcess ReadProcessMemory 119901->119902 119902->119896 119903 1400034ba ReadProcessMemory 119902->119903 119903->119896 119904 1400034e2 GetWindowsDirectoryW 119903->119904 119938 1400154c0 119904->119938 119906 140003506 119947 140015458 119906->119947 119910 140003590 ReadProcessMemory 119910->119896 119911 1400035b6 ReadProcessMemory 119910->119911 119911->119896 119912 1400035dd 119911->119912 119912->119910 119914 140003606 CloseHandle 119912->119914 119956 1400152e8 119912->119956 119916 1400152e8 TranslateName 28 API calls 119914->119916 119916->119896 119918 14000c409 119917->119918 119919 14000c414 119918->119919 119920 14000ca88 IsProcessorFeaturePresent 119918->119920 119919->119763 119921 14000caa0 119920->119921 119984 14000cc7c RtlLookupFunctionEntry RtlVirtualUnwind capture_previous_context 119921->119984 119923 14000cab3 119923->119763 119924->119805 119925->119816 119926->119825 119927->119867 119928->119867 119929->119815 119930->119826 119931->119851 119932->119811 119933->119841 119934->119867 119935->119860 119936->119862 119937->119795 119939 1400154da 119938->119939 119941 1400154d0 119938->119941 119973 14001acf8 6 API calls _set_fmode 119939->119973 119941->119939 119944 140015513 119941->119944 119943 1400154ee 119943->119906 119944->119943 119975 14001acf8 6 API calls _set_fmode 
119944->119975 119946 1400154e2 119974 1400159c0 24 API calls _invalid_parameter_noinfo 119946->119974 119948 140015465 119947->119948 119950 14001546f 119947->119950 119948->119950 119954 14001548b 119948->119954 119976 14001acf8 6 API calls _set_fmode 119950->119976 119951 140015477 119977 1400159c0 24 API calls _invalid_parameter_noinfo 119951->119977 119953 140003524 GetModuleFileNameW 119953->119910 119954->119953 119978 14001acf8 6 API calls _set_fmode 119954->119978 119957 140015319 119956->119957 119958 1400152f5 119956->119958 119960 140015353 119957->119960 119963 140015372 119957->119963 119958->119957 119959 1400152fa 119958->119959 119979 14001acf8 6 API calls _set_fmode 119959->119979 119981 14001acf8 6 API calls _set_fmode 119960->119981 119983 1400151e8 24 API calls 2 library calls 119963->119983 119964 1400152ff 119980 1400159c0 24 API calls _invalid_parameter_noinfo 119964->119980 119965 140015358 119982 1400159c0 24 API calls _invalid_parameter_noinfo 119965->119982 119969 14001530a 119969->119912 119970 140015363 TranslateName 119970->119912 119971 14001537f 119971->119970 119972 14001f0f8 28 API calls TranslateName 119971->119972 119972->119971 119973->119946 119974->119943 119975->119946 119976->119951 119977->119953 119978->119951 119979->119964 119980->119969 119981->119965 119982->119970 119983->119971 119984->119923 119985 7fff298e0ec0 119986 7fff298e0edc 119985->119986 119987 7fff298e0ed7 119985->119987 119987->119986 119988 7fff298e1130 119987->119988 119991 7fff298e0f08 119987->119991 120022 7fff298e1260 119988->120022 119990 7fff298e1135 119990->119990 120052 7fff29856780 215 API calls 119991->120052 119993 7fff298e0fbe 120053 7fff29856780 215 API calls 119993->120053 119995 7fff298e0fdd 120054 7fff29856780 215 API calls 119995->120054 119997 7fff298e0fff 120055 7fff298e3440 181 API calls 119997->120055 119999 7fff298e1016 120056 7fff298e3440 181 API calls 119999->120056 120001 7fff298e102d 120057 7fff298e3440 181 API calls 
120001->120057 120003 7fff298e1044 120058 7fff298e3440 181 API calls 120003->120058 120005 7fff298e105b 120059 7fff29856c30 215 API calls 120005->120059 120007 7fff298e107d 120060 7fff29856c30 215 API calls 120007->120060 120009 7fff298e109c 120061 7fff29856c30 215 API calls 120009->120061 120011 7fff298e10be 120062 7fff298e3ef0 180 API calls 120011->120062 120013 7fff298e10d5 120063 7fff298e3ef0 180 API calls 120013->120063 120015 7fff298e10ec 120064 7fff298e3ef0 180 API calls 120015->120064 120017 7fff298e1103 120065 7fff298e3ef0 180 API calls 120017->120065 120019 7fff298e111a 120066 7fff298e1a20 180 API calls 120019->120066 120021 7fff298e1124 120023 7fff298e1284 120022->120023 120067 7fff298d4c60 120023->120067 120026 7fff298d4c60 209 API calls 120027 7fff298e1344 120026->120027 120028 7fff298d4c60 209 API calls 120027->120028 120029 7fff298e139f 120028->120029 120090 7fff298e3170 120029->120090 120031 7fff298e141f 120032 7fff298e3170 209 API calls 120031->120032 120033 7fff298e149d 120032->120033 120034 7fff298e3170 209 API calls 120033->120034 120035 7fff298e150c 120034->120035 120036 7fff298e3170 209 API calls 120035->120036 120037 7fff298e1586 120036->120037 120038 7fff298d4c60 209 API calls 120037->120038 120039 7fff298e15fb 120038->120039 120040 7fff298d4c60 209 API calls 120039->120040 120041 7fff298e1665 120040->120041 120042 7fff298d4c60 209 API calls 120041->120042 120043 7fff298e16c4 120042->120043 120095 7fff298e3c20 209 API calls 120043->120095 120045 7fff298e1751 120096 7fff298e3c20 209 API calls 120045->120096 120047 7fff298e17d6 120097 7fff298e3c20 209 API calls 120047->120097 120049 7fff298e184c 120098 7fff298e3c20 209 API calls 120049->120098 120051 7fff298e18cf 120051->119990 120052->119993 120053->119995 120054->119997 120055->119999 120056->120001 120057->120003 120058->120005 120059->120007 120060->120009 120061->120011 120062->120013 120063->120015 120064->120017 120065->120019 120066->120021 120099 7fff29842bb0 120067->120099 120069 
7fff298d4c85 120072 7fff298d4c9c 120069->120072 120150 7fff298d36d0 209 API calls 120069->120150 120071 7fff298d4cd4 120071->120026 120072->120071 120122 7fff298535e0 153 API calls 120072->120122 120074 7fff298d4cac 120123 7fff2983f120 120074->120123 120076 7fff298d4cb7 120077 7fff298d4cbb 120076->120077 120078 7fff298d4d11 120076->120078 120141 7fff2983f440 120077->120141 120151 7fff29858240 95 API calls 120078->120151 120082 7fff298d4d16 120083 7fff298d4d50 120082->120083 120087 7fff298d4d1f 120082->120087 120155 7fff2983d710 RtlCaptureContext RtlUnwindEx abort 120083->120155 120087->120082 120152 7fff298eb110 95 API calls 120087->120152 120153 7fff298eafe0 95 API calls 120087->120153 120154 7fff298eba30 95 API calls 120087->120154 120265 7fff298e1b10 120090->120265 120092 7fff298e3181 120268 7fff298e3000 120092->120268 120095->120045 120096->120047 120097->120049 120098->120051 120100 7fff29842cc8 120099->120100 120101 7fff29842bcc 120099->120101 120100->120069 120102 7fff29842c18 120101->120102 120156 7fff2983fbb0 120101->120156 120102->120069 120104 7fff29842bd6 120105 7fff2983f120 12 API calls 120104->120105 120106 7fff29842be5 120105->120106 120107 7fff29842c30 120106->120107 120108 7fff29842beb 120106->120108 120180 7fff298419f0 120107->120180 120110 7fff29842bf4 120108->120110 120113 7fff29842cab fprintf 120108->120113 120112 7fff2983f440 4 API calls 120110->120112 120111 7fff29842c46 120116 7fff298419f0 56 API calls 120111->120116 120119 7fff298ec8bc 120111->120119 120114 7fff29842bfc 120112->120114 120113->120110 120217 7fff2983fdc0 21 API calls 120114->120217 120118 7fff29842c60 120116->120118 120117 7fff29842c04 120117->120069 120118->120119 120120 7fff298419f0 56 API calls 120118->120120 120119->120119 120121 7fff29842c7c 120120->120121 120121->120110 120121->120119 120122->120074 120124 7fff2983f180 120123->120124 120125 7fff2983f137 120123->120125 120262 7fff2983f0a0 malloc free 120124->120262 120126 7fff2983f190 120125->120126 120128 7fff2983f14b 
120125->120128 120132 7fff2983f1f0 GetCurrentThreadId 120125->120132 120133 7fff2983f1a9 120125->120133 120126->120076 120130 7fff2983f160 GetCurrentThreadId 120128->120130 120131 7fff2983f154 120128->120131 120129 7fff2983f188 120129->120125 120129->120126 120130->120076 120131->120076 120132->120131 120132->120133 120134 7fff2983f1b1 120133->120134 120135 7fff2983f228 CreateEventA 120133->120135 120134->120128 120140 7fff2983f1d3 120134->120140 120263 7fff2983ef50 QueryPerformanceCounter GetTickCount QueryPerformanceFrequency WaitForSingleObject WaitForSingleObject 120134->120263 120136 7fff2983f260 GetLastError 120135->120136 120137 7fff2983f240 120135->120137 120137->120134 120138 7fff2983f24f CloseHandle 120137->120138 120138->120134 120140->120076 120142 7fff2983f452 120141->120142 120143 7fff2983f478 120141->120143 120145 7fff2983f45e 120142->120145 120148 7fff2983f4a4 GetCurrentThreadId 120142->120148 120149 7fff2983f46a 120142->120149 120264 7fff2983f0a0 malloc free 120143->120264 120147 7fff2983f4d8 SetEvent 120145->120147 120145->120149 120146 7fff2983f47d 120146->120142 120146->120149 120147->120149 120148->120145 120148->120149 120149->120071 120149->120087 120150->120072 120153->120087 120157 7fff2983fce0 120156->120157 120160 7fff2983fbce 120156->120160 120158 7fff298460e0 17 API calls 120157->120158 120159 7fff2983fce5 120158->120159 120159->120160 120161 7fff298460e0 17 API calls 120159->120161 120162 7fff2983fbfb 120160->120162 120163 7fff298460e0 17 API calls 120160->120163 120161->120160 120164 7fff2983fc22 calloc 120162->120164 120166 7fff2983fc30 120162->120166 120167 7fff2983fcb5 120163->120167 120170 7fff2983fd84 120164->120170 120171 7fff2983fd6e 120164->120171 120168 7fff2983fd18 calloc 120166->120168 120172 7fff2983fc47 120166->120172 120167->120162 120169 7fff298460e0 17 API calls 120167->120169 120168->120172 120169->120162 120174 7fff298460e0 17 API calls 120170->120174 120171->120172 120173 7fff2983fc55 120172->120173 120175 
7fff298460e0 17 API calls 120172->120175 120177 7fff298460e0 17 API calls 120173->120177 120178 7fff2983fc5f 120173->120178 120176 7fff2983fd89 120174->120176 120175->120173 120176->120171 120179 7fff298460e0 17 API calls 120176->120179 120177->120178 120178->120104 120179->120171 120181 7fff29841be0 120180->120181 120191 7fff29841a0d 120180->120191 120182 7fff298460e0 17 API calls 120181->120182 120184 7fff29841be5 120182->120184 120183 7fff29841bd5 120183->120111 120187 7fff298460e0 17 API calls 120184->120187 120184->120191 120186 7fff29841a31 120188 7fff29841a39 120186->120188 120192 7fff298460e0 17 API calls 120186->120192 120187->120191 120189 7fff29841a90 TlsGetValue 120188->120189 120190 7fff29841a40 TlsGetValue 120188->120190 120193 7fff29841aa4 120189->120193 120194 7fff29841a5e 120189->120194 120190->120193 120190->120194 120191->120183 120191->120186 120258 7fff29841000 36 API calls 120191->120258 120195 7fff29841a75 120192->120195 120218 7fff29840b40 120193->120218 120194->120111 120195->120190 120196 7fff29841a7f 120195->120196 120196->120189 120199 7fff298460e0 17 API calls 120196->120199 120201 7fff29841a89 120199->120201 120200 7fff29841abb GetCurrentThreadId CreateEventA 120202 7fff29841af3 120200->120202 120201->120189 120203 7fff29841c4d 120202->120203 120204 7fff29841afc GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 120202->120204 120259 7fff29840ed0 GetCurrentThreadId _ultoa OutputDebugStringA abort 120203->120259 120205 7fff29841b60 GetThreadPriority 120204->120205 120206 7fff298ec8b6 abort 120204->120206 120208 7fff29841c28 120205->120208 120210 7fff29841b93 TlsSetValue 120205->120210 120213 7fff298ec8bc 120206->120213 120211 7fff298460e0 17 API calls 120208->120211 120210->120206 120215 7fff29841bb1 120210->120215 120214 7fff29841c2d 120211->120214 120214->120210 120216 7fff298460e0 17 API calls 120214->120216 120215->120111 120216->120210 120217->120117 120219 7fff29840c80 120218->120219 120220 7fff29840b5c 
120218->120220 120221 7fff298460e0 17 API calls 120219->120221 120223 7fff2983f120 12 API calls 120220->120223 120222 7fff29840c85 120221->120222 120222->120220 120226 7fff298460e0 17 API calls 120222->120226 120224 7fff29840b77 120223->120224 120225 7fff29840b7f 120224->120225 120228 7fff298460e0 17 API calls 120224->120228 120227 7fff29840b8a 120225->120227 120226->120220 120229 7fff29840ba0 120227->120229 120230 7fff29840c1c calloc 120227->120230 120231 7fff29840bf5 120228->120231 120260 7fff29840060 20 API calls 120229->120260 120233 7fff29840c33 120230->120233 120234 7fff29840c44 120230->120234 120231->120227 120235 7fff29840c04 120231->120235 120261 7fff29840060 20 API calls 120233->120261 120240 7fff298460e0 17 API calls 120234->120240 120251 7fff29840c5a 120234->120251 120238 7fff298460e0 17 API calls 120235->120238 120236 7fff29840ba8 120243 7fff298460e0 17 API calls 120236->120243 120252 7fff29840cb5 120236->120252 120254 7fff29840bbc 120236->120254 120238->120227 120239 7fff29840c3b 120239->120234 120242 7fff29840de0 free 120239->120242 120240->120251 120241 7fff29840bc8 120250 7fff29840bd3 120241->120250 120242->120234 120247 7fff29840d15 120243->120247 120244 7fff2983f440 4 API calls 120248 7fff29840bdc 120244->120248 120245 7fff29840c70 120249 7fff298460e0 17 API calls 120245->120249 120246 7fff298460e0 17 API calls 120246->120251 120247->120252 120247->120254 120256 7fff298460e0 17 API calls 120247->120256 120248->120194 120248->120200 120249->120250 120250->120244 120251->120241 120251->120245 120251->120250 120253 7fff298460e0 17 API calls 120252->120253 120252->120254 120255 7fff29840daa 120253->120255 120254->120241 120254->120246 120255->120254 120257 7fff298460e0 17 API calls 120255->120257 120256->120252 120257->120254 120260->120236 120261->120239 120262->120129 120263->120134 120264->120146 120266 7fff298d4c60 209 API calls 120265->120266 120267 7fff298e1b3e 120266->120267 120267->120092 120269 7fff298e3015 120268->120269 120271 7fff298e3021 
120269->120271 120277 7fff298e7c20 95 API calls 120269->120277 120273 7fff298e303c 120271->120273 120278 7fff298e7f20 95 API calls 120271->120278 120274 7fff298e30a7 120273->120274 120279 7fff298e7e60 95 API calls 120273->120279 120274->120031 120280 14001f080 120285 14001f091 std::_Facet_Register _Getctype 120280->120285 120281 14001f0e2 120286 14001acf8 6 API calls _set_fmode 120281->120286 120282 14001f0c6 HeapAlloc 120283 14001f0e0 120282->120283 120282->120285 120285->120281 120285->120282 120286->120283
APIs
Strings
Memory Dump Source
• Source File: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_140000000_DevQueryBroker.jbxd
Yara matches
Similarity
• API ID: File$Attributes$Close$Handle$Create$FreeInitializeWrite$AllocateByteCharCheckCount64LibraryMembershipMultiOpenProcessTickTokenValueWide$AddressAllocComputerDeleteErrorExitLastLoadMappingModuleNameObjectProcQueryReadSizeSleepUninitializeViewVirtuallstrcmpi
• String ID: @$Docu$Glob$RtlGetNtVersionNumbers$Tree\$\edb$al\$log$ment$ntdll.dll$tmp.
• API String ID: 321534620-2735966687
• Opcode ID: c8faa9ee5cc03ed9b8b2677a90c8c4c18e01e22591897e0ac7fc91801102238c
• Instruction ID: fe9d712103b2f7d77ddb5155a96091ad80458482f114a25f5f9b3f039c071edd
• Opcode Fuzzy Hash: c8faa9ee5cc03ed9b8b2677a90c8c4c18e01e22591897e0ac7fc91801102238c
• Instruction Fuzzy Hash: 18929EB2604BC08AEB22CF26E8543EA77A1F79D7C8F844215EB4947AB5DF39C655C700

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_140000000_DevQueryBroker.jbxd
Yara matches
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$HandleModule$AddressMemoryProcRead$_invalid_parameter_noinfo$CloseCurrentDirectoryFileInformationNameOpenQueryWindows
                                                                                                                                                                                                                                                                                                                                                                              • String ID: NtQueryInformationProcess$RtlEnterCriticalSection$RtlInitUnicodeString$RtlLeaveCriticalSection$\explorer.exe$ntdll.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2872368747-3676541911
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 91fc161ee9ae5a074da48ff6b9fa1593408afcde63496fbb62e720395b438de4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0d1149e0b3bd0575175cd72afed491902b2a3520bca1e0afcc28bed2c9bdc848
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91fc161ee9ae5a074da48ff6b9fa1593408afcde63496fbb62e720395b438de4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD812A72315B4192EB22DB26E8543EA63A4FB88BC4F445126EF5E47BB4EF38C945C704

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
• Associated: 00000014.00000002.1500510361.00007FFF29830000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500754430.00007FFF298ED000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500778993.00007FFF298F1000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500840681.00007FFF2991E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500860818.00007FFF2991F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500878435.00007FFF29920000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500896169.00007FFF29921000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500915672.00007FFF29924000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: File$strlen$Temp$CreateNamememcpy$AllocPathReadSizeVirtualWritemalloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: -install$-windows$log
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2062722192-301712604
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4381d5c5ffbcfd77f36d0d23c92940bffed32edf4aae6c4d55d276398b9c4182
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d2964397abe385d03e5aac29bdd2939a8c8e8b2c9f7a395a8d5e435f83990b3e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4381d5c5ffbcfd77f36d0d23c92940bffed32edf4aae6c4d55d276398b9c4182
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B642C036608BC585EA709F15F8503EAB3A5FB88784F888226DACC47B59DF3CD154DB84

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
• Associated: 00000014.00000002.1500510361.00007FFF29830000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500754430.00007FFF298ED000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500778993.00007FFF298F1000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500840681.00007FFF2991E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500860818.00007FFF2991F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500878435.00007FFF29920000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500896169.00007FFF29921000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500915672.00007FFF29924000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcessmemcpy
                                                                                                                                                                                                                                                                                                                                                                              • String ID: NtFlushInstructionCache$ntdll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 937878451-2800261898
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0983d083f5f9374792333aaf0e40c4b4ad2a5248953dcace726b9f1c29c9d91d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8a116ab0aa15e8a9190e5bbee8c65df2338d76e8b94d72b38b51cc965daaa937
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0983d083f5f9374792333aaf0e40c4b4ad2a5248953dcace726b9f1c29c9d91d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7641E622A19A418AF6718F12AC10FBA66D0BF45BD8F8C5039ED4D47794CE3CD505EB0D

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_140000000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: File$AttributesCloseComputerCreateHandleNameReadSize
                                                                                                                                                                                                                                                                                                                                                                              • String ID: -$.log$WXYZ
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4009157502-632463517
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 07e2f0cacb59fe2120abc96f2d3eca7c1cde1ac66007c7abc8f9c4c84ee006f0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 001dbed44c86dbcd91e6c15df8a2b9cfce3537b14df08de505d08846a85ddbca
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 07e2f0cacb59fe2120abc96f2d3eca7c1cde1ac66007c7abc8f9c4c84ee006f0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC71CA726087C08AE722CF25E4503EE7BA1F7DD7C4F544216EB9947AA5DB38C645C700

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              control_flow_graph 237 7fff298460e0-7fff298460fe GetCurrentProcessId 238 7fff29846103-7fff29846129 237->238 238->238 239 7fff2984612b-7fff29846142 238->239 240 7fff2984614b-7fff29846159 239->240 241 7fff29846148 240->241 242 7fff2984615b-7fff29846172 240->242 241->240 243 7fff2984617b-7fff29846189 242->243 244 7fff29846178 243->244 245 7fff2984618b-7fff29846210 CreateMutexA WaitForSingleObject 243->245 244->243 246 7fff29846356-7fff29846375 call 7fff29845f60 CloseHandle 245->246 247 7fff29846216-7fff29846226 FindAtomA 245->247 248 7fff298462a1-7fff298462d3 GetAtomNameA 247->248 249 7fff29846228-7fff2984623c 247->249 253 7fff29846376-7fff29846384 call 7fff29845f60 248->253 254 7fff298462d9 248->254 251 7fff29846240-7fff29846248 249->251 255 7fff2984624a 251->255 256 7fff2984624d-7fff29846254 251->256 265 7fff298462ff-7fff2984630d 253->265 258 7fff298462e0-7fff298462e3 254->258 255->256 256->251 259 7fff29846256-7fff29846266 AddAtomA 256->259 261 7fff298462e5-7fff298462f0 258->261 262 7fff298462f3-7fff298462fa 258->262 263 7fff29846343-7fff29846351 call 7fff29845f60 259->263 264 7fff2984626c-7fff2984627a _onexit 259->264 261->262 262->258 266 7fff298462fc 262->266 273 7fff29846298-7fff298462a0 263->273 269 7fff2984627f-7fff29846291 ReleaseMutex CloseHandle 264->269 267 7fff29846319-7fff29846323 265->267 266->265 270 7fff29846310-7fff29846313 267->270 271 7fff29846325-7fff29846328 267->271 269->273 270->267 270->269 271->269 274 7fff2984632e-7fff2984633e _onexit 271->274 274->269
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AtomMutex$CloseCreateCurrentFindHandleObjectProcessReleaseSingleWait_onexit
                                                                                                                                                                                                                                                                                                                                                                              • String ID: JmBpAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAAAAAaaAaAaaAAaaAaaaAAAAaaaAAaaaaaaa$aaaaaaaa$aaaaaaaa$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2382646235-1667820876
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 877cde341158c0cd76a0952921c6032674dc58988bcbb724156bfee214c04d02
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9b8630b06be920ba1e6e387a607afee3814c60503d2173f8462f3cece3b2a6ee
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 877cde341158c0cd76a0952921c6032674dc58988bcbb724156bfee214c04d02
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0617B76E0CA9292EB248F65EC012F837E4BF58B55FC89435C90D472A5EE7CA506E708
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseHandleValue$ExceptionHandlerRemoveVectored
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2941551293-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 60452de1f24baeea14f50f5db5e0d3d6527da4ddbe6c3ba13923f76ccaee5c75
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e1aa0b3d6757f97e15d4d838ada8e1beb8ad20361bfc96c54ed13d02e7dca1d7
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60452de1f24baeea14f50f5db5e0d3d6527da4ddbe6c3ba13923f76ccaee5c75
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F22F521A09B0682FAB4AF16DC543B822E0FF44B94F8D6536DA1D573A5DF3CE444E34A

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_140000000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoad$CloseCurrentModuleProcess
                                                                                                                                                                                                                                                                                                                                                                              • String ID: AmsiOpenSession$AmsiScanBuffer$EtwEventWrite$amsi.dll$ntdll.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1882006414-312513847

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: File$CloseHandle$AttributesComputerCreateNameReadSize
                                                                                                                                                                                                                                                                                                                                                                              • String ID: .log$C:\Users$Document$\Public\$s\edbtmp
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4150999668-225513687

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseHandleMutex$AtomCreateFindObjectReleaseSingleWait
                                                                                                                                                                                                                                                                                                                                                                              • String ID: JmBpAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAAAAAaaAaAaaAAaaAaaaAAAAaaaAAaaaaaaa$failed to to lock cleanup mutex
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3776795807-1517905248

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9fd517c8bf4d1ea52aa76b919848efa7b7ad0d932cdef50c74614de59842be21
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a9008dee086d79fd3c9695b7439046878fa166be2f0b336f11af829198d5f864
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fd517c8bf4d1ea52aa76b919848efa7b7ad0d932cdef50c74614de59842be21
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49712632A09B0286FB749F25E8407B876E4EF54BA4F886235DA5D57394EF3CE444E708

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: basic_filebuf::underflow codecvt::max_length() is not valid$basic_filebuf::underflow error reading the file$basic_filebuf::underflow incomplete character in file$basic_filebuf::underflow invalid byte sequence in file
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-2144588626
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a55671cdb88933f6ba48b18eac603ab5d28ac825c0c8b82c2865f7f5b72913c2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b2a904bfc4c125aa51d2cb2fef62fdfc8a145ba01bd3f89f4189fac72cbfe6aa
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a55671cdb88933f6ba48b18eac603ab5d28ac825c0c8b82c2865f7f5b72913c2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AE1AB22A09B8584EB619F25D8603A933E4FB05F9CF9C4135CE4D8B799DF3AD885D344

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Virtual$memcpy$AllocAttributesCreateExitFileFreeObjectProcessProtectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                                              • String ID: C:\Users$Document$\Public\
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3126602049-4174601542
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 676610f47141b432d8798da8a8654989da39cd066b25fa190d40160360acbd44
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0abee6f58bab400bebdc3916b152db4a699ac48d23e82db875988f1d2dce9218
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 676610f47141b432d8798da8a8654989da39cd066b25fa190d40160360acbd44
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E617132A1968186EB60CF61E8443AEB7E1FBC5754F589538EA8D47B88DF7CD4049B08

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Virtual$AllocCreateProtectThreadmemcpy
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 408756765-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ff439a08b11d3df843ec921622103f5e4daba08741619ef63310ed86ed017740
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 690b3cf1d2f19d7a2fb5871f3bc90cc629e20d232b93ca7df2f78e3a5ca6c41b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff439a08b11d3df843ec921622103f5e4daba08741619ef63310ed86ed017740
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25115962B09A8181EB258F76E8407AA63A0EB04FD8F4CC039CE4D47758DF3CD996D345

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_140000000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1532d7661d2f69f921d0c62baece35f7f6aae2f4b9f90ca40a0363544b4270be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3d1d26fec36d116825a312b836714884d6d7f56203382e215b0231ca63005cda
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1532d7661d2f69f921d0c62baece35f7f6aae2f4b9f90ca40a0363544b4270be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80D09E3070070482EB1A7B72A8A93EC12715B4C782F50142CBA470F3F7CD7ACC298301

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2e6fa14433507460a93854058d7e8f82308f43ff8e495a50160e6956b7680719
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b4df353331fa5af5e9224f95dc1443c1e31ef426a96065eae35964e5cef0a9aa
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e6fa14433507460a93854058d7e8f82308f43ff8e495a50160e6956b7680719
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F121B562B1674555FE689F65AC213F812D0AF487A0FDD4638DE6D073C2DE3CA545D308
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: realloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 471065373-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e39a27bbab524876301827d640aa3b98595c1b59a7c808045e552a4194af38d1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bffc093b1883092a643763c0cb03534852d77ce382306989af0da98935643d50
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e39a27bbab524876301827d640aa3b98595c1b59a7c808045e552a4194af38d1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B623872A09B0682EA759F09E9403F867E0FF44B84F88A436DA4D47395EF7DE450E249

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
• Associated: 00000014.00000002.1500510361.00007FFF29830000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500754430.00007FFF298ED000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500778993.00007FFF298F1000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500840681.00007FFF2991E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500860818.00007FFF2991F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500878435.00007FFF29920000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500896169.00007FFF29921000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500915672.00007FFF29924000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: callocfprintf
                                                                                                                                                                                                                                                                                                                                                                              • String ID: once %p is %d
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3366074580-95064319
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno_write
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3328065147-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: File$strcpy$AttributesCloseCreateHandleReadSize
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3764122392-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2918714741-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
Similarity
• API ID: AttributesExitFileFreeProcessVirtualmemcpy
• String ID:
• API String ID: 3994980025-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
Memory Dump Source
• Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
Similarity
• API ID: malloc
• String ID:
• API String ID: 2803490479-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
• Associated: 00000014.00000002.1500510361.00007FFF29830000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500754430.00007FFF298ED000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500778993.00007FFF298F1000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500840681.00007FFF2991E000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500860818.00007FFF2991F000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500878435.00007FFF29920000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500896169.00007FFF29921000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000014.00000002.1500915672.00007FFF29924000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 31a35740a9d526e437e77eb78fce5c19cc7df83252d96af1a9611df6cb32654a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f09298ab68f00b8b6653ba02d15ba0befb8d2f29f3a669c44d12e1cb82fb8913
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31a35740a9d526e437e77eb78fce5c19cc7df83252d96af1a9611df6cb32654a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1313733A09B0181E3308F25E8913A937E0EB84798F984135E6CC477A5DF7DD584E788
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 11ce1e2360225b6362eace3e65ee38c79cf53f4f63e2ba9ff9c66a460464c4ee
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cf616a765e0bbc17ffac992a69dea712fbb6657258e73b5c840c7c69fe1a0283
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11ce1e2360225b6362eace3e65ee38c79cf53f4f63e2ba9ff9c66a460464c4ee
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F311672A09B0582E7248F04F8A53A937E0FB48798F984529D6CC073A5DF7DD184E788
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b9ba80b0ca98a85617685bfa4f190a700363ba20a1115e478bb2af2c416e7db1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 21770229fd05848068470fc0a83dc58105d8b2d7d198d79c6d753320f3450690
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9ba80b0ca98a85617685bfa4f190a700363ba20a1115e478bb2af2c416e7db1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5731D532509B0482E7308F09E89539A37E0FB94798F984629D2CC077A9DFBDD184D748
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: befb3041d7794888a1412f02bbd7bb92771b2b11f9a722ec7409586da115e6f2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0766967ffef4a94066b71b628badb9dbf8b1102ead514ae496398c79a5a38360
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: befb3041d7794888a1412f02bbd7bb92771b2b11f9a722ec7409586da115e6f2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB31E232909B0482E7208F08E8953A937E0FB94788F984629D2CC077A9DFBDD184E748
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4338d109665c47ecc87730a38cbae0a7b7619f6351c9e5889f68e0517de91cb6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fedd7114153734e4001bac19cf21d28766ad4fc5f4c3f63cbb9d1393564b9534
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4338d109665c47ecc87730a38cbae0a7b7619f6351c9e5889f68e0517de91cb6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A211572909B0582E7308F09E8953A937F0FB98748FA94629D2CC077A9DF7DD184E748
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 46cf771e8f142d596c9ee41760d7d2eb8860b4a802777449857acf025d9cff3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fc5e36cf25752ad69817efbf78a5b452c7ba49fd9903917b0dedc91ffe531139
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46cf771e8f142d596c9ee41760d7d2eb8860b4a802777449857acf025d9cff3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54212672A09B0182E7308F04E8903A933F0FB98748FA94529D2CC077A9DF7DE585E748
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: de83ba08015707ac9e35b4450e7053ff6fdd08c8b1d27123b42d0710df177082
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a32315bb7e9679f2cb5e51b616ba1468bd0a14322d30d775264c7ef5969833c0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de83ba08015707ac9e35b4450e7053ff6fdd08c8b1d27123b42d0710df177082
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F110772A09B0182E7208F14E8903A933F0FB88748F995529D2CC077A9DF7DE584E748
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
Similarity
• API ID: malloc
• String ID:
• API String ID: 2803490479-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
Similarity
• API ID: malloc
• String ID:
• API String ID: 2803490479-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500534316.00007FFF29831000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFF29830000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29830000_DevQueryBroker.jbxd
Similarity
• API ID: malloc
• String ID:
• API String ID: 2803490479-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1499544151.0000000140000000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_140000000_DevQueryBroker.jbxd
Yara matches
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionHandleLastModuleProcThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: CreateRemoteThreadEx$CreateUmsCompletionList$CreateUmsThreadContext$DeleteProcThreadAttributeList$DeleteUmsCompletionList$DeleteUmsThreadContext$DequeueUmsCompletionListItems$EnterUmsSchedulingMode$ExecuteUmsThread$GetCurrentUmsThread$GetNextUmsListItem$GetUmsCompletionListEvent$InitializeProcThreadAttributeList$QueryUmsThreadInformation$SetUmsThreadInformation$UmsThreadYield$UpdateProcThreadAttribute$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo_wdupenv_swcschr
                                                                                                                                                                                                                                                                                                                                                                              • String ID: COMSPEC$PATH$cmd.exe
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_invalid_parameter_noinfo$_get_daylight$_gmtime32_s$__tzset_isindst$_getptd_noexit_lock_tzset_nolock
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_get_daylight$_gmtime64_s_invalid_parameter_noinfo$__tzset_isindst$_getptd_noexit_lock_tzset_nolock
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1590302362-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 328175e185691048742d19741dacdcbbb60af5cfe4c89c24852a3812ffc141e6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 868973dc01aea72698e31c550119c736512d85deac1cc8c38d94f0fa1ac7293a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 328175e185691048742d19741dacdcbbb60af5cfe4c89c24852a3812ffc141e6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1F181B2B0564687EB28CF64DD517B823E5EB54789F80813ADA4D4B789FF3CE502A740
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo_wdupenv_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID: COMSPEC$PATH$cmd.exe
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 669041471-2181018070
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e2fe611b1b9b3298174c6a4329ea49af5d7029ec8b6e6db61bd79ad045e68a76
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3a5a93670bf2c350c55002fe1a8a6d132c1997dd52900993e75129d516eca193
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2fe611b1b9b3298174c6a4329ea49af5d7029ec8b6e6db61bd79ad045e68a76
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC61AD25F0874686FB749F66AD716B922E0AF44B94F844535EE9D07B86EF3CE441B300
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Wcsftimefree$_amsg_exit_calloc_crt_calloc_impl_getptd_lock_malloc_crt_mbstowcs_s_l_mtinitlocknum_wcstombs_s_l_wsetlocale
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2664782389-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d9f4017db313b2656382301233cc50c2d52cd8eb7e6c81638ca2f9b7c1a17a4d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 30c9f83b0c1cb2fc0dc367d42c42356e81efe359173e395366c65f4823b7e57c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9f4017db313b2656382301233cc50c2d52cd8eb7e6c81638ca2f9b7c1a17a4d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A681C932A18A8281E774DF21AC9277E62E1FF84794F405235EACE97AD5EF3DD404A710
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_calloc_crt_waccess_sfreewcomexecmd$_getptd_noexit_invalid_parameter_noinfowcschr
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2417699090-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3e7a214e97b989b4d54db667c43ca43207129f7e51f37c102136b7858a8ddf8f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7693320bb154c71f7b46044a8636cf196175cee0e4ef91d5ead05b1bbb266d9e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e7a214e97b989b4d54db667c43ca43207129f7e51f37c102136b7858a8ddf8f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1351D215F0964241FE74AE265D3267A12D1AF84BD4FC48539EE9D4BBD6FE3CE402B600
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_access_s_calloc_crtfreewcomexecmd$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3248158332-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_access_s_calloc_crtfreewcomexecmd$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3248158332-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$CurrentErrorLast_calloc_crt_getptd_noexit_invalid_parameter_noinfo$ProcessThread_call_reportfault_initptd_umask_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3194223110-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00007FFF29D9FE2A
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::SchedulerProxy::AdjustAllocationIncrease.LIBCMT ref: 00007FFF29DA00D7
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00007FFF29DA0156
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00007FFF29DA01BA
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency::details::$Manager::Resource$CorePrepareReceiversTransfer$AdjustAllocationBuffersIncreaseInitializeProxy::Scheduler
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2613643532-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: bb44fd3d83df74d2efde7493fa3a4b9041da057306ab80ca63911283cd9e20af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 26a153c3354cc76f2643f7b27d54de897f4743d80f2225dabe0b2d3d6a0faaf3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb44fd3d83df74d2efde7493fa3a4b9041da057306ab80ca63911283cd9e20af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9FC1CF32A082818BE774DF29DA8076D77E1F749784F908135CB8E57A44EF38E865EB44
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFB79
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFBA0
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFBAE
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFBC9
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFBE5
                                                                                                                                                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFBF7
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC0E
                                                                                                                                                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC17
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC2E
                                                                                                                                                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC37
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC4E
                                                                                                                                                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC57
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC73
                                                                                                                                                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC7C
                                                                                                                                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC89
                                                                                                                                                                                                                                                                                                                                                                              • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFC9B
                                                                                                                                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFCB6
                                                                                                                                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFCC6
                                                                                                                                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFD1C
                                                                                                                                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFD3D
                                                                                                                                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,00000028,00000000,00007FFF29DB3A5E), ref: 00007FFF29DFFD57
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Pointer$Encode$AddressDecodeProc$LibraryLoad$DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                                                                                                                              • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1664877129-564504941
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a1e000e26431c4f60e30481da375db8d653dc6151b1bc1e9cf999fee6be411cf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f7ddf2cdf6003e007f5f963ebb46a46d31488197c9cc2745b7c02d230834f4bb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1e000e26431c4f60e30481da375db8d653dc6151b1bc1e9cf999fee6be411cf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C511471A0AF0391FE749F56ED9527422E1BF48B81F880438CC9E43B64EE3CA445B625
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Exception$Throw$std::bad_exception::bad_exception$std::exception::exception$Concurrency::details::CoreProxy::SchedulerSubscription$Copy_strDecrementEventFileHeaderIncrementObjectProtectRaiseSingleVirtualWaitstd::exception::_
                                                                                                                                                                                                                                                                                                                                                                              • String ID: pContext
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3561581180-2046700901
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: ExceptionThrow$std::exception::exception$Information$LogicalProcessorstd::bad_exception::bad_exception$Concurrency::details::ErrorLastManager::ResourceRetrieveSystemVersionfreemalloc
• String ID: count$pGroupAffinity
• API String ID: 859826352-3379709940
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: ExceptionThrow$HeadInitializeList$std::bad_exception::bad_exception$Concurrency::details::Scheduler$Concurrency::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastManager::PolicyResourceTimer$CoreCountPolicy::_$CloseCreateLibraryLoadObjectPolicy::QueueReferenceRegisterResolveSingleThreadpoolValidValueValuesVersionWait__crtmalloc
• String ID:
• API String ID: 1744861470-0
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: _errno$Time$__time64_t_from_ft_invalid_parameter_noinfo$ErrorFileLastSystem$DiskFindFreeLocalNextSpaceSpecific__loctotime32_t_getptd_noexit
• String ID: :\
• API String ID: 1990505279-112054617
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID: GetTraceEnableFlags$GetTraceEnableLevel$GetTraceLoggerHandle$RegisterTraceGuidsW$TraceEvent$UnregisterTraceGuids$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2340687224-19120757
APIs
Strings
Similarity
• API ID: ExceptionThrowstd::exception::exception$Concurrency::details::FindMatchingNode::ProcessorSchedulingSwitchThreadVirtual
• String ID: count$ppVirtualProcessorRoots
• API String ID: 2920139347-3650809737
APIs
Similarity
• API ID: Concurrency::PolicyPolicy::_Scheduler$ExceptionResolveThrowValidValueValuesstd::bad_exception::bad_exception
• String ID:
• API String ID: 3697622492-0
APIs
Similarity
• API ID: ErrorLastThread$CreateExit_calloc_crt_callthreadstart_dosmaperr_errno_freefls_getptd_initptd_invalid_parameter_noinfofree
• String ID:
• API String ID: 755634055-0
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1441640566
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Exception$Throw$CriticalSectionstd::bad_exception::bad_exception$Copy_strEnterEventFileHeaderLeaveRaiseValuestd::exception::_std::exception::exception
                                                                                                                                                                                                                                                                                                                                                                              • String ID: pScheduler
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2246184534-923244539
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$AffinityConcurrency::details::CurrentExceptionManager::ResourceThrow$CaptureInformationMaskRetrieveSystemThreadVersionstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                                                                                                                                                                                              • String ID: dwAffinityMask
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1798615081-4260635329
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Locale$UpdateUpdate::__errno_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 737994300-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: dadc3fcf97a049f670a92d5a214c07e85ca7149173a9db01ee576f44a8ce7d3d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4a2624cd55e8d48c4915f04c211eb25a105a2621685b2947c1fe8a7f9e65fb8e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dadc3fcf97a049f670a92d5a214c07e85ca7149173a9db01ee576f44a8ce7d3d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A91B423A0C68285FB749F90DD4067966E4EF447A4F945235EEAD43AC4EF3CA442F760
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: lgamma_big$_fdlog_fdsin_fperrraise
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3925679366-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 794e840d84d7524b3d998851c6cd53d68791bcf4a17125655d774537d415746b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 22195a6db85432234c5ed997886b12f9a6c1e45cf635203689f428513400910b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 794e840d84d7524b3d998851c6cd53d68791bcf4a17125655d774537d415746b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB519B32D18E4A86E726DF368CC10B8B3E0FF5D745B199731E94D37561EF287584A610
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Locale$UpdateUpdate::__errno_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 737994300-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: bd9f1d80d0d7bb799fc9be848a7bcb4fe50fa85783fe88e2d422f1ff45bc21c0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6ee0d5b87d41111959eec8a6920541d9937f3d4b7b4f3cca89e97fcafe8b5187
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd9f1d80d0d7bb799fc9be848a7bcb4fe50fa85783fe88e2d422f1ff45bc21c0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A951C67260A74285EB308F2199801797BE0FF44BA1F944635DAAE077D5EE3CD802F714
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3191669884-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: EncodeErrorLastPointer
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 688273888-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$Time$__time64_t_from_ft$FileSystem_invalid_parameter_noinfo$ErrorFindLastLocalNextSpecific__loctotime64_t_getptd_noexit
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3177878139-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$Time$__time64_t_from_ft$FileSystem_invalid_parameter_noinfo$ErrorFindLastLocalNextSpecific__loctotime64_t_getptd_noexit
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3177878139-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
Similarity
• API ID: Concurrency::details::Timer$ExceptionManager::QueueResourceThrowVersion$CloseConcurrency::details::_CreateInformationLibraryLoadReferenceRetrieveSharedStopSystemThreadpoolTimer::___crt
• String ID: $bad allocation
• API String ID: 1086214778-1441640566
• Opcode ID: 90bb4a6ae6ef6480e73c7367ea21516aea8c99339dd98beb03044d78fb2e668e
• Instruction ID: 9b1107799f3c44ff7b8d21dae169060aaecd0e58038968de534b94770797e021
• Opcode Fuzzy Hash: 90bb4a6ae6ef6480e73c7367ea21516aea8c99339dd98beb03044d78fb2e668e
• Instruction Fuzzy Hash: 95416F31A09B4696EA309F21E8802A973E4FB84744F900035EBCC47B95EF3CE555EB60
APIs
• Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00007FFF29D9AA85
  • Part of subcall function 00007FFF29D922B4: TlsGetValue.KERNEL32 ref: 00007FFF29D922CA
• Concurrency::details::ResourceManager::Version.LIBCMT ref: 00007FFF29D9AA92
  • Part of subcall function 00007FFF29D9BD00: Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCMT ref: 00007FFF29D9BD66
• Concurrency::details::GetSharedTimerQueue.LIBCMT ref: 00007FFF29D9AAC9
• CreateTimerQueueTimer.KERNEL32 ref: 00007FFF29D9AAEF
• _CxxThrowException.LIBCMT ref: 00007FFF29D9AB4D
• _CxxThrowException.LIBCMT ref: 00007FFF29D9AB92
  • Part of subcall function 00007FFF29DAF3D4: Concurrency::details::ReferenceLoadLibrary.LIBCMT ref: 00007FFF29DAF3EA
  • Part of subcall function 00007FFF29DAF3D4: __crtCloseThreadpoolTimer.LIBCMT ref: 00007FFF29DAF415
Strings
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: Concurrency::details::$Timer$ExceptionManager::QueueResourceThrowVersion$Base::CloseContextCreateCurrentInformationLibraryLoadReferenceRetrieveSchedulerSharedSystemThreadpoolValue__crt
• String ID: $bad allocation
• API String ID: 559911935-1441640566
• Opcode ID: 5c00e119edaf967409e9b23da85d4f95b0489ed70f53ab4eb1cbb16369722b46
• Instruction ID: ad345e1794e86abda34ffa22254ac25aa62fb87b366e1bf9cad9d1be81c5bb56
• Opcode Fuzzy Hash: 5c00e119edaf967409e9b23da85d4f95b0489ed70f53ab4eb1cbb16369722b46
• Instruction Fuzzy Hash: 0A318D32A08B4695EB20EF11E8543A973E0FB44748F944135EA8C477A5EF7DE145E740
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: write_multi_char$_errno_getptd_noexit_invalid_parameter_noinfo_validate_param_reusefreewrite_charwrite_string
• String ID:
• API String ID: 3923993336-0
• Opcode ID: 505dfca8195db34d08e1864960fa4fc91fc66fc1606e61ea8451fbf0bbf34494
• Instruction ID: 10a537649794f1e125068f310f7fe70e98dae8accc792fabfb0dece26d9a7f89
• Opcode Fuzzy Hash: 505dfca8195db34d08e1864960fa4fc91fc66fc1606e61ea8451fbf0bbf34494
• Instruction Fuzzy Hash: 9ED1D037E2865285FB748EE998402BD27E0FF40758F942035DE8D17AD5EE38E800B760
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: Dunscale$_errno_fperrraisefesetexceptflag
• String ID:
• API String ID: 68345879-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
Similarity
• API ID: _errno_getptd_noexit_invalid_parameter_noinfo
• String ID:
• API String ID: 1812809483-0
APIs
• Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCMT ref: 00007FFF29D9CDA8
  • Part of subcall function 00007FFF29D9CA20: GetVersionExW.KERNEL32 ref: 00007FFF29D9CA46
  • Part of subcall function 00007FFF29D9A5AC: GetLogicalProcessorInformation.KERNEL32 ref: 00007FFF29D9A5BF
  • Part of subcall function 00007FFF29D9A5AC: GetLastError.KERNEL32 ref: 00007FFF29D9A5C5
  • Part of subcall function 00007FFF29D9A5AC: malloc.LIBCMT ref: 00007FFF29D9A5D6
  • Part of subcall function 00007FFF29D9A5AC: GetLogicalProcessorInformation.KERNEL32 ref: 00007FFF29D9A5ED
• Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCMT ref: 00007FFF29D9CDBF
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00007FFF29D9CE2F
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00007FFF29D9CE7E
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00007FFF29D9CF2E
• Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00007FFF29D9CF78
• free.LIBCMT ref: 00007FFF29D9CFDF
• Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCMT ref: 00007FFF29D9D017
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
Similarity
• API ID: Concurrency::details::Manager::Resource$Affinity$ApplyRestrictions$Information$CaptureLogicalProcessProcessorVersion$ErrorLastRetrieveSystemfreemalloc
• String ID:
• API String ID: 162894247-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: InterlockedList$Concurrency::details::$ClearCountedDepthEntryPushQueryQuickReferenceSet::$AllocatorBase::FlushReturnScheduler
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2671333916-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionThrowstd::bad_exception::bad_exception$Concurrency::PolicyPolicy::_Scheduler$ResolveValidValueValuesmalloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2142143938-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionThrowValuestd::bad_exception::bad_exception$List$CloseDepthEntryHandleInterlockedPushQuerystd::exception::exception
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3059678891-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _set_statfp$_handle_error
                                                                                                                                                                                                                                                                                                                                                                              • String ID: "$cosh
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4267212730-3800341493
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2523592665-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfo_read_nolockmemcpy_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1864104905-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1573762532-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: malloc$Concurrency::critical_section::unlockConcurrency::event::setCurrentExceptionThreadThrow
• String ID: bad allocation
• API String ID: 677318757-2104205924
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
Similarity
• API ID: Concurrency::details::List$ArrayInterlockedVirtual$ActiveAvailableBase::CountedEntryMakeProcessorProcessor::QuickReferenceSchedulerSet::Value
• String ID:
• API String ID: 3788061100-0
Similarity
• API ID: _errno_getptd_noexit_invalid_parameter_noinfo
• String ID:
• API String ID: 1812809483-0
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThreadThrow$Concurrency::details::CreateLibraryLoadPriorityReference
• String ID:
• API String ID: 20863598-0
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _getptd
                                                                                                                                                                                                                                                                                                                                                                              • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3186804695-2671469338
Similarity
• API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
• String ID:
• API String ID: 28428206-0
Similarity
• API ID: _errno$Locale_invalid_parameter_noinfo$UpdateUpdate::_
• String ID:
• API String ID: 435653451-0
Similarity
• API ID: Locale$UpdateUpdate::__errno_getptd_noexit_invalid_parameter_noinfo
• String ID:
• API String ID: 2256927276-0
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$Locale_invalid_parameter_noinfo$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_getptd_getptd_noexit
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2266916603-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6f8847306f2424f6329519face014c1e3b9b2a399544e29a402e720daa9dda3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1577191f6e3519993a18f5a855d38594e8f8dd4d4120dd87a11f7fbb1c532183
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f8847306f2424f6329519face014c1e3b9b2a399544e29a402e720daa9dda3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E931812390C3C28AEB325F64995137D6AE0AF51740F989031DBC907B86EF6DD851B761
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Value$Exception$EntryFileHeaderInterlockedListRaiseThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3902666156-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: be4352cfc9eb6066465565c85dab3734efed74dd1582e50398225f78b342d8c6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3e76656949b4b4a4dd6f89e5057f731141c98cbaa7717cc1906d5703da04fe89
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be4352cfc9eb6066465565c85dab3734efed74dd1582e50398225f78b342d8c6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A314132A09A4245EA309F22EC5517967E0EF84B90F944539DA9D073E5EF2CF455F311
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _handle_errorf_set_statfp
                                                                                                                                                                                                                                                                                                                                                                              • String ID: "$sinhf
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3566572912-3935523221
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: eec26047d599784861323c7e9150649e35ce6d559f90dd422186d6c495fd8703
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 04c8f92d5470cfb4f9757a0b224036992554bccd4355ae7de8c1c5c96a392e17
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eec26047d599784861323c7e9150649e35ce6d559f90dd422186d6c495fd8703
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F71A731D2DF4286E6739F35E890375A394BF65390F51A332E54E33A65DF2CE082AA10
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Locale_errno$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_getptd_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3296530732-3916222277
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                                                                              • String ID: B
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1812809483-1255198513
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Thread$CurrentErrorExitLast_callthreadstartex_freefls
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 944168715-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfo_strrev
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3985226498-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: afa1ffc133b0c5c0537c167287613d6611503ea27a9726cc4b232405ba24143a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2b1a7f0cffd225dda5061c48c946f4380ee9760a7919cee0fab6f213f1d6ccd3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: afa1ffc133b0c5c0537c167287613d6611503ea27a9726cc4b232405ba24143a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D421CF2790C2C581F7214F659A203BD6BE0AB50B88FDCA171D7D90778EEE2DD081B7A1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: parse_cmdline$FileModuleName_cwild_malloc_crt
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3301126851-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f8e5ec85b962fedb451104de178a119be703e167ea4941f745445260b55d2c81
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a8491e918834011cbc083b22198f1b8a6cfce9705be57a1b6cb157f0b197f1b7
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8e5ec85b962fedb451104de178a119be703e167ea4941f745445260b55d2c81
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1218231A09B4242EA30DF14E8601A9A7E1FB457A0F944335E6BD43BE8EE7CE000A711
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: List$Array$FlushInterlocked$Hash$CriticalDeleteEncodeFreePointerSection
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2607547631-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 40bcc807eccc0b0f92f303473f726f513a45d0992efddf2080e1f080e4b2daaf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d8fc179ec4dc974774d52cad4ceb0e15325f3f36ab66e447d3d4813a037429b8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40bcc807eccc0b0f92f303473f726f513a45d0992efddf2080e1f080e4b2daaf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9111C31949E41D2EB20FF71DCD11BC63A0EB86B54F441231D95D9B3EADE28D889E314
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Pointer$Decode$Encode_set_abort_behaviorabort
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1029837053-0
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _call_matherr_exception_enabled_handle_error_raise_exc_set_statfp
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !$acos
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 21717495-2870037509
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: BlockConcurrency::details::ExceptionLockNode::QueueThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Lock already taken
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2518553645-1119718501
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !$atanf
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1043259411
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: aec24e28c603b7840dd4f9ab1c7b28ecf9fc2a572e312d1aa67fe21dba49b0c5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bb26ff0759d910aab31538634d5be5cf92ff04ab4efa1fef3c2a5b9240287779
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aec24e28c603b7840dd4f9ab1c7b28ecf9fc2a572e312d1aa67fe21dba49b0c5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8251B431D29F4686EA738F325C9037696955F763D5F10A333E80E33A60DF2DB082A610
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _handle_error_set_statfp
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !$atan
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _call_matherr_exception_enabled_handle_errorf_raise_excf_set_statfp
                                                                                                                                                                                                                                                                                                                                                                              • String ID: "$_hypotf
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: GetEnabledXStateFeatures$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _getptd_noexit.LIBCMT ref: 00007FFF29E05BF0
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: GetLastError.KERNEL32(?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D,00007FFF29DF6AE4), ref: 00007FFF29DB3412
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: _calloc_crt.LIBCMT ref: 00007FFF29DB3435
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: _initptd.LIBCMT ref: 00007FFF29DB3459
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: GetCurrentThreadId.KERNEL32 ref: 00007FFF29DB345E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: SetLastError.KERNEL32(?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D,00007FFF29DF6AE4), ref: 00007FFF29DB3476
                                                                                                                                                                                                                                                                                                                                                                              • _calloc_crt.LIBCMT ref: 00007FFF29E05C20
                                                                                                                                                                                                                                                                                                                                                                              • _Wcsftime.LIBCMT ref: 00007FFF29E05C66
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DFDB88: _call_reportfault.LIBCMT ref: 00007FFF29DFDBB0
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DFDB88: GetCurrentProcess.KERNEL32 ref: 00007FFF29DFE784
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 00007FFF29E05BFD
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentErrorLast_calloc_crt$ProcessThreadWcsftime_call_reportfault_getptd_noexit_initptd
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 342051241-798102604
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: cd235d7489ac8df5d9dcd9cf2ac38ad963ef8539e7fd8afe8134c9d9c0a82279
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: aaad97f3388b322359e62a1b0228c2a9129c46cc86dfbf1e14d062a8d975412f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd235d7489ac8df5d9dcd9cf2ac38ad963ef8539e7fd8afe8134c9d9c0a82279
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC11C232A08A4642FB38AF61D89237962D0EF84B44F448438DB8C1B786EF3DF440A720
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AllocatorBase::Concurrency::details::ExceptionSchedulerThrowstd::exception::exception
                                                                                                                                                                                                                                                                                                                                                                              • String ID: pThreadProxy
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3817256728-3651400591
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b1a0f52d1b48c04142e5701b52eb9bdd1e0e4cae95e51232d43fc7da39da79a6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4f62c47a6f211036e60dd0203320b1e671647454705c4abc83013f1dbf07221a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1a0f52d1b48c04142e5701b52eb9bdd1e0e4cae95e51232d43fc7da39da79a6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C115472A08B8684DA309F24E8453AD73A5FB45798F944235D7EC07AAADF3CD155D700
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _callnewh.LIBCMT ref: 00007FFF29DF68D6
                                                                                                                                                                                                                                                                                                                                                                              • malloc.LIBCMT ref: 00007FFF29DF68E2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF697C: _FF_MSGBANNER.LIBCMT ref: 00007FFF29DF69AC
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF697C: _NMSG_WRITE.LIBCMT ref: 00007FFF29DF69B6
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF697C: HeapAlloc.KERNEL32(?,?,0000000D,00007FFF29DF6AE4,?,?,?,00007FFF29DB2ED0,?,?,?,00007FFF29DB2DCF,?,?,0000000D,00007FFF29DB3313), ref: 00007FFF29DF69D1
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF697C: _callnewh.LIBCMT ref: 00007FFF29DF69EA
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF697C: _errno.LIBCMT ref: 00007FFF29DF69F5
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF697C: _errno.LIBCMT ref: 00007FFF29DF6A00
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.LIBCMT ref: 00007FFF29DF692B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DEEE20: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFF29DB15C9), ref: 00007FFF29DEEE8E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DEEE20: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFF29DB15C9), ref: 00007FFF29DEEECD
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: bad allocation
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4cd9ac47e95648526044c9196fef2a1dc65c611290330e02cde3dbf5fd1cbd04
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 10712a1abfc714edba6f59f658b7183d9a6e27265692cb9e53360f1df2850324
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cd9ac47e95648526044c9196fef2a1dc65c611290330e02cde3dbf5fd1cbd04
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1F04965A09B4B81EE349F50A8511B953E0FF88384F840034D9CD0BA96FE2CE244EB10
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • TlsGetValue.KERNEL32 ref: 00007FFF29D91FD4
                                                                                                                                                                                                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00007FFF29D920E3
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.LIBCMT ref: 00007FFF29D920F4
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DEEE20: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFF29DB15C9), ref: 00007FFF29DEEE8E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DEEE20: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFF29DB15C9), ref: 00007FFF29DEEECD
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::_TaskCollection::~_TaskCollection.LIBCMT ref: 00007FFF29D9212B
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionTask$CollectionCollection::~_Concurrency::details::_FileHeaderRaiseThrowValuestd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Base::Concurrency::details::$NextRingSchedulerScheduling$CreateGroupScheduleSegmentValue
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Collection::_Concurrency::details::_ExceptionInitializeStructuredTaskThrowValuestd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Value$Concurrency::details::CoreCurrentIncrementProxy::SchedulerSubscriptionThread
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1391565827-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • TlsSetValue.KERNEL32(?,?,00000000,00007FFF29D96A46), ref: 00007FFF29D96D05
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00007FFF29D96DBA
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCMT ref: 00007FFF29D96DD3
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCMT ref: 00007FFF29D96DDF
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29D9A414: GetLastError.KERNEL32 ref: 00007FFF29D9A418
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29D9A414: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCMT ref: 00007FFF29D9A431
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29D9A414: _CxxThrowException.LIBCMT ref: 00007FFF29D9A442
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency::details::Proxy::Scheduler$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCoreCurrentDecrementDestroyErrorExceptionExecutionLastResourceSubscriptionThreadThrowValue
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 258340094-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Locale$ByteCharMultiUpdateUpdate::_Wide__updatetlocinfo__updatetmbcinfo_errno_getptd
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3292933141-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _calloc_crt.LIBCMT ref: 00007FFF29DB3BAF
                                                                                                                                                                                                                                                                                                                                                                              • _calloc_crt.LIBCMT ref: 00007FFF29DB3BEA
                                                                                                                                                                                                                                                                                                                                                                              • free.LIBCMT ref: 00007FFF29DB3C22
                                                                                                                                                                                                                                                                                                                                                                              • free.LIBCMT ref: 00007FFF29DB3C51
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF693C: HeapFree.KERNEL32(?,?,00000000,00007FFF29DB3472,?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D), ref: 00007FFF29DF6952
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF693C: _errno.LIBCMT ref: 00007FFF29DF695C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DF693C: GetLastError.KERNEL32(?,?,00000000,00007FFF29DB3472,?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D), ref: 00007FFF29DF6964
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: _calloc_crtfree$ErrorFreeHeapLast_errno
• String ID:
• API String ID: 2012969789-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: _errno_invalid_parameter_noinfo$CurrentProcessWcsftime_call_reportfault_getptd_noexit_wmakepath_s
• String ID:
• API String ID: 2212272557-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrrchr
• String ID:
• API String ID: 3640024801-0
APIs
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
Similarity
• API ID: List$CloseConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDepthEntryErrorExceptionHandleInterlockedLastPushQueryThrowValue
• String ID:
• API String ID: 1252094413-0
APIs
• Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCMT ref: 00007FFF29DAFA27
• Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCMT ref: 00007FFF29DAFA3E
• Concurrency::details::VirtualProcessor::MakeAvailable.LIBCMT ref: 00007FFF29DAFA4C
• Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00007FFF29DAFA5D
Memory Dump Source
• Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Concurrency::details::$Base::Scheduler$Virtual$ActiveAvailableContextInternalMakeNextProcessorProcessor::ReleaseRingScheduling
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4009733604-0
Similarity
• API ID: parse_cmdline$FileModuleName_malloc_crt
• String ID:
• API String ID: 2958673422-0
Similarity
• API ID: Value$Concurrency::Concurrency::details::_Context::StopTimer::_Yield
• String ID:
• API String ID: 1443289160-0
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: __wsetargvwparse_cmdline$EnvironmentFileModuleNameStrings__crt__mbtow_environ_malloc_crt_wcwild
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1473189909-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00007FFF29DA7026
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.LIBCMT ref: 00007FFF29DA7037
                                                                                                                                                                                                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00007FFF29DA7049
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.LIBCMT ref: 00007FFF29DA705A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DA6D38: std::bad_exception::bad_exception.LIBCMT ref: 00007FFF29DA6D6C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DA6D38: _CxxThrowException.LIBCMT ref: 00007FFF29DA6D7D
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DA6D38: Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCMT ref: 00007FFF29DA6DB2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DA6D38: Concurrency::SchedulerPolicy::_ResolvePolicyValues.LIBCMT ref: 00007FFF29DA6DD0
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionThrowstd::bad_exception::bad_exception$Concurrency::PolicyPolicy::_Scheduler$ResolveValidValueValues
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1039257354-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::_StructuredTaskCollection::_Abort.LIBCMT ref: 00007FFF29D91B93
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DABF4C: Concurrency::details::_TaskCollectionBase::_RethrowException.LIBCMT ref: 00007FFF29DAC026
                                                                                                                                                                                                                                                                                                                                                                              • Concurrency::details::_TaskCollection::_TaskCleanup.LIBCMT ref: 00007FFF29D91BAD
                                                                                                                                                                                                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00007FFF29D91BC5
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.LIBCMT ref: 00007FFF29D91BD6
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Task$Concurrency::details::_$Collection::_Exception$AbortBase::_CleanupCollectionRethrowStructuredThrow_getptdstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1973990515-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_invalid_parameter_noinfo$_getptd_noexit_wasctime
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2068361771-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9ae9c53c2065590d22a69d7a95ffaae9bd71d157ce93b2406fb2220cf2458e5c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d9f1a373c02e27012d7ef098ec349c7145f61de0d6661143f036a72e37f58bcd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ae9c53c2065590d22a69d7a95ffaae9bd71d157ce93b2406fb2220cf2458e5c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4F01721A1E94685FF31AF21DC223BE72E0AF94B44FD00035E6CD47692FE2EE142B611
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _errno$_invalid_parameter_noinfo$_getptd_noexit_wasctime
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2068361771-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 82f03035d0744bf8eb6809cc302ac24410d6d51204f2fc848b71279843bab3c9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b3e35039c57065b431548fe0b229b5282abc82e2d593727dfba6802c506cdd18
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82f03035d0744bf8eb6809cc302ac24410d6d51204f2fc848b71279843bab3c9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28F0122191D94685FE31AF14DC622BE22E0AF54744FD00035E58D57696FE2DE002F610
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _getptd_noexit.LIBCMT ref: 00007FFF29DB4DC2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: GetLastError.KERNEL32(?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D,00007FFF29DF6AE4), ref: 00007FFF29DB3412
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: _calloc_crt.LIBCMT ref: 00007FFF29DB3435
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: _initptd.LIBCMT ref: 00007FFF29DB3459
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: GetCurrentThreadId.KERNEL32 ref: 00007FFF29DB345E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: SetLastError.KERNEL32(?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D,00007FFF29DF6AE4), ref: 00007FFF29DB3476
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00007FFF29DB4DAC), ref: 00007FFF29DB4DD9
                                                                                                                                                                                                                                                                                                                                                                              • _freeptd.LIBCMT ref: 00007FFF29DB4DE2
                                                                                                                                                                                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 00007FFF29DB4DE9
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLastThread$CloseCurrentExitHandle_calloc_crt_freeptd_getptd_noexit_initptd
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2738674749-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b8218d5ecd520e96af780f6798ad5ba23caae939ba7acf1bfc4a0d9b148fb127
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 275decd64261aaa08ddc7b676f4e028cda1d01f9986a08fbed35af5356672761
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8218d5ecd520e96af780f6798ad5ba23caae939ba7acf1bfc4a0d9b148fb127
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C6D01720A09A8391FD78AF719CB507956D04F94B30B884338D8BF073D1FE2CB859B220
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                                                                                                                                                                              • String ID: "$log2
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1757819995-536339484
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9c0577a4a3020b9c46cd0e97125ae35b894c7a07637a3031b36e065a6543bb28
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 40ddcd54d3c0773dd6b29f2a6fe50cc7c08cd7309746809b159187a19d55badf
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c0577a4a3020b9c46cd0e97125ae35b894c7a07637a3031b36e065a6543bb28
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A71EC72D38F4546E6238F359C5133652A4BFA93D4F10A737F91E23BA5DF2DA0825600
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
• Associated: 00000014.00000002.1500936480.00007FFF29D90000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501161103.00007FFF29E38000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501240897.00007FFF29E6C000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501262736.00007FFF29E6E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E70000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501283545.00007FFF29E73000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000014.00000002.1501319725.00007FFF29E74000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _call_matherr_exception_enabled_handle_error_raise_exc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !$floor
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1435483374-284986181
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6710c146fd03fee5680151a9e83395054e666b026e170dc39a08fdced5ba675d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0abd165608b6485441cc122c1867163f828dc10aacfa1011e34d459acae5969c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6710c146fd03fee5680151a9e83395054e666b026e170dc39a08fdced5ba675d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8721F371A1CF86C2EA719F21989037652D2BF9A7A0F104335F95E137E4DFACA980A610
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !$sqrt
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1757819995-799759792
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 556ca28fd5c265d4f8c5de797c16c67f4f0aeea2b936829beb1e9560c72b8706
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3bba482c25049fd2c96237b1fe156c411c229f7d52466ff1f8112acdfe793bf8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 556ca28fd5c265d4f8c5de797c16c67f4f0aeea2b936829beb1e9560c72b8706
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B21A776D18FC582D761CF61E54136B66A1FFEB3E4F201325EA6D16AC9DB6CD080AB00
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !$cos
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1757819995-1949035351
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f2817761e8a11ef08d1a4ca63885ec8e762354219620b51c0561fc330efb8a10
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 439e3cbe4cd276feedf3d3be9975f136c8c517f62f90a579723b861493dfa37f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2817761e8a11ef08d1a4ca63885ec8e762354219620b51c0561fc330efb8a10
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28116672E28F8942D760CF16E84136A76A1FBDA794F105329FA8C17B89DF7CD1909B04
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _getptd_noexit.LIBCMT ref: 00007FFF29E07BF8
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: GetLastError.KERNEL32(?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D,00007FFF29DF6AE4), ref: 00007FFF29DB3412
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: _calloc_crt.LIBCMT ref: 00007FFF29DB3435
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: _initptd.LIBCMT ref: 00007FFF29DB3459
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: GetCurrentThreadId.KERNEL32 ref: 00007FFF29DB345E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DB3408: SetLastError.KERNEL32(?,?,0000000D,00007FFF29DB7069,?,?,?,?,00007FFF29DF6A1A,?,?,0000000D,00007FFF29DF6AE4), ref: 00007FFF29DB3476
                                                                                                                                                                                                                                                                                                                                                                              • _calloc_crt.LIBCMT ref: 00007FFF29E07C28
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DFDB88: _call_reportfault.LIBCMT ref: 00007FFF29DFDBB0
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DFDB88: GetCurrentProcess.KERNEL32 ref: 00007FFF29DFE784
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 00007FFF29E07C05
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentErrorLast_calloc_crt$ProcessThread_call_reportfault_getptd_noexit_initptd
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3838974081-798102604
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a51b8db6fc7dfac9ff488ba67b9a9b8d92e8ab7b2f044e948b899dd9e90d50ca
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cca7621cfd5759a45edf6c51f17df78acc3e307e73e553ad6edf30ddf1b9ce13
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a51b8db6fc7dfac9ff488ba67b9a9b8d92e8ab7b2f044e948b899dd9e90d50ca
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F611C432A08A0642FB34AF20DDD237923D0DF88B44F555439DA4D27786EE3EF881A360
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _handle_errorf
                                                                                                                                                                                                                                                                                                                                                                              • String ID: !$cosf
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2315412904-2208875612
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4116560d0b9de274137d3ad05e560b2eebb861f4e68b910676730f8b1a0f6620
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4fea1f5a3256a95d13e3c9e673ffebc6c2cd44405e2d713601e9e7912a274e7d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4116560d0b9de274137d3ad05e560b2eebb861f4e68b910676730f8b1a0f6620
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90117732A2CA4187F3248F26D88137AB690EBD4385F20532DE78547AA5DB6DD195AF04
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00007FFF29DF0005
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DED0D4: std::bad_exception::bad_exception.LIBCMT ref: 00007FFF29DED0DD
                                                                                                                                                                                                                                                                                                                                                                              • _CxxThrowException.LIBCMT ref: 00007FFF29DF0016
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DEEE20: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFF29DB15C9), ref: 00007FFF29DEEE8E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00007FFF29DEEE20: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFF29DB15C9), ref: 00007FFF29DEEECD
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000014.00000002.1500954573.00007FFF29D91000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFF29D90000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_20_2_7fff29d90000_DevQueryBroker.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Exceptionstd::bad_exception::bad_exception$FileHeaderRaiseThrow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Access violation - no RTTI data!
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2866377151-2158758863
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 928b08fb45429fb23c89ddcc53a9d16f3e41cf625547cc9b7412a2deed5c6440
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7de2ae6d748d97f413bc02d570aa180d3fa97dc6a7f76f1a85fb24bcc3b47266
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 928b08fb45429fb23c89ddcc53a9d16f3e41cf625547cc9b7412a2deed5c6440
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BDD0C972A08907E1D930AF10DC910B81362AF94398FC46132E18C031B9EE1CE68FE711